Skip to content

Security alert Apache Log4j "Log4Shell" Remote Code Execution 0-Day Vulnerability (CVE-2021-44228)

Dear Trend Micro partner, Please be aware that on December 9, 2021, a new critical 0-day vulnerability impacting multiple versions of the popular Apache Log4j 2 logging library was publicly disclosed. Versions of the library said to be affected are versions 2.0-beta 9 to 2.14.1. Once exploited, this vulnerability could potentially result in Remote Code Execution (RCE) by logging a certain string on affected installations. This specific vulnerability, also known as CVE-2021-44228, is being commonly referred to as "Log4Shell" in various blogs and reports. Please be assured that Trend Micro is conducting a detailed investigation across our own customers’ platforms to determine vulnerable versions of Log4J needing remediation or mitigation. For more information and details on protection, investigation and preventative rules, filters & detection, please see our Business Success portal. We are continuing to monitor all our customers’ environments for active threats or compromises, and we will provide regular updates as and when relevant. For any further information please contact your local Trend Micro Account Manager. Kind regards,
Your Trend Micro Team

Previous article Shoring up your cybersecurity posture in light of ongoing crisis
Next article Advisory: Log4j zero-day vulnerability AKA Log4Shell (CVE-2021-44228)

More General News Posts