
Log4J / Log4Shell: How to Find It & Fix It

Written by Nitsan Ben Nun | Dec 13, 2021 10:28:06 AM

It’s been 12 months to the day since FireEye announced that they were the victim of the now infamous SolarWinds Supply Chain Attack. We have been talking about it all year and it has gone down in history as one of the most sophisticated and far-reaching cyber attacks.

And now, it is perhaps going to be trumped by the Log4Shell vulnerability, and the attacks that will exploit it.

What is Log4J?

Log4J is an Apache open-source logging library for Java. It is used in enterprise systems and web apps. It is so widely used that you can expect that many of your applications, web apps and services make use of it.

What is the Log4Shell exploit?

An attacker can simply send a malicious code string that gets logged by Log4j version 2.0 or higher. The exploit allows an attacker to take control of a server by loading arbitrary Java code. The Apache Foundation announced this as a critical zero-day vulnerability, CVE-2021-44228.

What is the Remedy?

Apache Foundation has released a patch update which can be found here. If you’re the author of the app, you should use that link to secure your system. You should also be in touch with all your application vendors to determine if they are using Log4Shell and whether they are providing an update to their application.
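One way to check whether deployed Java archives bundle Log4J, as an added example that is neither GYTPOL's nor Apache's code: it looks for the log4j-core Maven metadata and the JndiLookup class inside JAR/WAR/EAR files, including archives nested inside other archives. The function names, the nesting limit of 5 and the sample archive are assumptions made for this example.

```python
import io
import os
import re
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
# Entry names as they appear in a standard log4j-core 2.x JAR (Maven layout).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def scan_archive(src, label, depth=0):
    """Scan one archive (path or file object), recursing into nested archives."""
    findings = []
    try:
        with zipfile.ZipFile(src) as zf:
            names = set(zf.namelist())
            has_pom, has_jndi = POM_PROPS in names, JNDI_CLASS in names
            if has_pom or has_jndi:
                props = zf.read(POM_PROPS).decode("utf-8", "replace") if has_pom else ""
                m = re.search(r"^version=(\S+)", props, re.M)
                findings.append({"path": label, "jndi_lookup": has_jndi,
                                 "version": m.group(1) if m else None})
            for info in zf.infolist():
                if depth < 5 and info.filename.lower().endswith(ARCHIVE_EXT):
                    nested = io.BytesIO(zf.read(info))
                    findings += scan_archive(nested, f"{label}!/{info.filename}", depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # not a ZIP, unreadable or encrypted: keep whatever was found so far
    return findings

def scan_tree(root):
    """Walk a directory tree and scan every archive file under it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, name)
                findings += scan_archive(path, path)
    return findings

def build_sample_war():
    """Constructed sample input: a WAR holding a fake log4j-core JAR in WEB-INF/lib."""
    jar, war = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\nversion=2.0\n")
        z.writestr(JNDI_CLASS, b"constructed placeholder, not a real class")
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-sample.jar", jar.getvalue())
    return war.getvalue()
```

Compare each reported version against the Apache advisory. Shaded or repackaged builds that relocate the package will not match these entry names, so an empty result is inconclusive for such archives.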

Can GYTPOL help with Log4Shell?

For sure! Firstly, the GYTPOL application itself was not impacted as we don’t make use of this library.

Secondly, there have already been a few patch updates released by Apache. If you are not enthusiastic about applying numerous updates throughout your organization, which is time-consuming and has its own risks, then GYTPOL’s remediation capability with zero impact will certainly help.

GYTPOL provides continuous visibility of all your PCs and Servers (including cloud workloads) and then remediates the issue rapidly, automatically and without breaking anything else along the way.

GYTPOL already supports Log4Shell detection and remediation as follows:

  1. GYTPOL accurately discovers all instances of Log4J on all your PCs and Servers. Other scanning tools have been shown not to be fully accurate. With GYTPOL, we find them all.
  2. GYTPOL can then proactively remediate by repairing the vulnerability without the need to apply the patch update from Apache, thereby eliminating the risk for all applications.

It's as simple as that. No muss, no fuss, no more risk!