On December 9, 2021, public information began to circulate about a critical zero-day vulnerability that has put a vast number of services and systems at risk.
Named Log4j (or Log4Shell), this open-source vulnerability has presented many dire challenges for security teams, as it affects several widely used enterprise applications and cloud services. This includes Apache Struts, Apache Solr, Apache Druid, Apache Dubbo, Elasticsearch, and VMware vCenter.
How is the situation evolving?
It is highly recommended that all customers apply vendor patches as they become available. Log4j version 2 is now public and ready for user update. Several independent sources have published potential temporary mitigation measures that involve changing configuration files.
Are Endpoints at Risk for Log4Shell Attacks?
The Log4j story, and how it has impacted our customers
How can Trend Micro help?
Trend Micro Research, along with the cybersecurity community, is actively analyzing the Log4j vulnerability. Take advantage of our scanning tool to identify compromised server applications. Take advantage of our comprehensive vulnerability assessment tool to identify compromised server applications.
Are you a target?
Quickly identify endpoints and server applications that may have Log4j.
Check for the latest updates to our products during this evolving situation.
Webinar: Log4j Vulnerability
What to know and what to do
Learn how to recognize the indicators of compromise (IoC) for this attack and what to do if your organization has been impacted.
Product Demo: Log4j Vulnerability
How to Discover, Detect, and Protect
Learn how our products enable discovery, detection, and protection for Log4shell in this 3-minute demo.
How our solutions help you detect and respond rapidly to threats that may breach your defenses.
If you have server workloads, try virtual patching for the Log4j vulnerability via the 30-day free trial and always-free tiers of Trend Cloud One™, our all-in-one cloud security platform.
Expand your view of your attack surface with Trend Vision One™, our threat defense platform. Try it free for 60 days and experience the broadest native XDR sensor coverage in the cybersecurity market.
Get in touch with our experts