- Apache Log4j (Log4Shell) Vulnerability
Apache Log4j (Log4Shell) Vulnerability
On December 9, 2021, public information began to circulate about a critical zero-day vulnerability that has put a vast number of services and systems at risk. Named Log4j (or Log4Shell), this open-source vulnerability has presented many dire challenges for security teams, as it affects several widely used enterprise applications and cloud services. This includes Apache Struts, Apache Solr, Apache Druid, Apache Dubbo, Elasticsearch, and VMware vCenter.
How is the situation evolving?
It is highly recommended that all customers apply vendor patches as they become available. Log4j version 2 is now public and ready for user update. Several independent sources have published potential temporary mitigation measures that involve changing configuration files.
Are Endpoints at Risk for Log4Shell Attacks?
The Log4j story, and how it has impacted our customers
How can Trend Micro help?
Trend Micro Research, along with the cybersecurity community, is actively analysing the Log4j vulnerability. Take advantage of our scanning tool to identify compromised server applications. Take advantage of our comprehensive vulnerability assessment tool that can help users check if they are running applications that have a vulnerable version of Log4j.
Webinar: Log4j Vulnerability
What to Know and What to Do
Learn how to recognise the indicators of compromise (IoC) for this attack and what to do if your organisation has been impacted.
Explore how Trend Micro solutions help you detect and respond rapidly to threats that may breach your defenses.
Expand your view of your attack surface with Trend Micro Vision One. Gain broader visibility into threats and deploy XDR sensors to detect malicious or anomalous activities on monitored endpoints and servers.
60-day free trial of Trend Micro Vision One™: Threat defence platform
If you have server workloads, try virtual patching for the Log4j vulnerability via our 30-day free trial and always-free tiers of Trend Micro Cloud One™: All-in-one cloud security platform
Get in touch with our experts