A new zero-day vulnerability dubbed CVE-2021-44228 affecting a Java logging package log4j is quickly becoming a top security concern among security experts. The log4j library is used in a wide range of popular software by a number of manufacturers including Apache, Apple iCloud, Steam, Minecraft and others.
Even as fixes are being rolled out to address the vulnerability, researchers warn that the flaw could potentially have repercussions throughout the world.
If your organization uses the older version of the log4j library, you should upgrade to the latest one log4j-2.15.0.rc2 at once. Make sure that your instance of Java is up-to-date. However, it is worth noting here that this solution will not work for all affected products using the library. You will have to wait until your vendors release patches for their respective products.
Cybersecurity company Huntress have developed a tool which helps to test whether your applications are vulnerable to CVE-2021-44228. The tool can be accessed here https://log4shell.huntress.com.
Read original article here www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java