Article 5TSE8 Patch systems vulnerable to critical Log4j flaws, UK and US officials warn

Patch systems vulnerable to critical Log4j flaws, UK and US officials warn

by
Dan Goodin
from Ars Technica - All content on (#5TSE8)
log4shell-image-800x450.jpeg

Enlarge (credit: Getty Images)

Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems, the UK's publicly funded healthcare system is warning.

CVE-2021-44228 is one of the most severe vulnerabilities to come to light in the past few years. It resides in Log4J, a system-logging code library used in thousands if not millions of third-party applications and websites. That means there is a huge base of vulnerable systems. Additionally, the vulnerability is extremely easy to exploit and allows attackers to install Web shells, which provide a command window for executing highly privileged commands on hacked servers.

The remote-code execution flaw in Log4J came to light in December after exploit code was released before a patch was available. Malicious hackers quickly began actively exploiting CVE-2021-44228 to compromise sensitive systems.

Read 11 remaining paragraphs | Comments

index?i=nz7Yil5aqtM:XJ19zQUsxls:V_sGLiPB index?i=nz7Yil5aqtM:XJ19zQUsxls:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments