
Advisory: Log4j zero-day vulnerability AKA Log4Shell (CVE-2021-44228)

On December 9, a severe remote code execution vulnerability was revealed in Apache's Log4J, a very common logging library used by developers of web and server applications built on Java and other JVM-based programming languages. The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous and making the latest updates for those server applications urgent.

Sophos has completed an investigation to determine whether Sophos products are impacted. Please review the Security Advisory for status of your products.

SophosLabs has deployed a number of IPS signatures for Sophos Firewall, Sophos Endpoint, and Sophos SG UTM that scan for traffic attempting to exploit the Log4J vulnerability. The Sophos Managed Threat Response (MTR) team is actively monitoring MTR customer accounts for post-exploit activity. Sophos XDR customers can use a query to help identify vulnerable Log4J components in their environment.

Given the severity and widespread nature of this vulnerability, customers are advised to verify the presence/usage of Log4J in all applications, systems, and services across their environment. Focus first on internet-facing services and follow any update instructions.

Additional reading:

• Sophos Security Advisory: Log4j zero-day vulnerability AKA Log4Shell (CVE-2021-44228)

• Sophos Naked Security: “Log4Shell” Java vulnerability – how to safeguard your servers

• Sophos Naked Security: Log4Shell explained – how it works, why you need to know, and how to fix it

• SophosLabs Uncut: Log4Shell Hell: anatomy of an exploit outbreak

Need Further Assistance?
If you are experiencing an active incident and need support, contact:

Your Sophos Team
