Log4j vulnerability in VMware Horizon targeted by hackers

code security log4j

In the UK, the NHS warns of attackers actively targeting Log4j vulnerability Log4Shell in VMware Horizon.

Hackers are focusing their attacks on the Log4Shell vulnerability in VMware Horizon. The NHS in the UK warns of this. VMware is one of tens of thousands of organizations affected by the vulnerability in open source logging tool Log4j. This implies that all customers of VMware products using Log4j are also at risk.

read also

Log4j vulnerability in VMware Horizon targeted by hackers

VMware Horizon is one of the affected products. Versions 7.x and 8.x are all vulnerable, regardless of the platform they run on. According to the NHS, an as-yet-unidentified gang of cybercriminals is specifically targeting the leak at VMware. Learn more about the attack in this blog post.

Fast patching

Fortunately, a solution exists in the meantime. For some products VMware is still working on a patch, but for VMware Horizon it is already available. An overview of all available patches can be found here. Given the active abuse, it is very important to install the updates as soon as possible. This applies not only to this particular issue, but to all software vulnerable to the Log4j vulnerability.

Unfortunately, it is not always clear which software uses a vulnerable version of Log4j and is therefore itself susceptible to attack. Large software providers take responsibility, but numerous projects rely on Log4j. In some cases, vulnerable code was even integrated directly into applications, making it even more difficult to detect the presence of the vulnerability.