On December 14, the Apache Log4j 2 team released Log4j 2.16.0 to fix these vulnerabilities. All existing Apache Log4j running servers will be potential targets for hackers until the patch is applied. Microsoft recently updated its guidance for preventing, detecting, and resolving Log4j 2 vulnerabilities, giving customers a solution and prevention plan.
According to Microsoft, attackers are actively exploiting the Log4j vulnerability, and in the last few weeks of December, there are still many attempts to exploit it. Microsoft mentioned that many existing attackers have added exploits to these vulnerabilities in their existing malware kits and tactics, expanding the possibility of exploiting the Log4j vulnerability.
Microsoft has released the following guidance for customers:
Customers are encouraged to leverage scripts and scanning tools to assess their risks and impacts.
Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (such as state-sponsored hackers) and those trying to exploit these vulnerabilities are already being exploited by sophisticated adversaries and those trying to make profit from attacks.
Microsoft recommends that customers conduct additional reviews of devices found to be vulnerable.
Customers should be aware that the wide availability of vulnerability code and scanning capabilities is a real and real danger to their environment.
Due to the large number of software and services affected, and given the speed of updates, it is expected that this will be a lengthy remediation process that will require constant vigilance for the vulnerability for some time.
![Microsoft warns of a log4j2 vulnerability that is more far-reaching than SolarWinds[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)