Microsoft thinks customers don’t realize how widespread the Log4j vulnerability is within their IT environments. The cloud giant is therefore warning them proactively and launching a dedicated Log4j dashboard within Azure.
In early December, the digital world was shaken up by Log4Shell, a critical vulnerability within Log4j. Log4j is an open-source framework that developers can use to generate logs for applications built on Java. It has been around for 20 years and is part of popular Java frameworks. Java is one of the most popular programming languages in the world.
It will likely be years before Log4Shell is remediated everywhere because the error-logging software component is massively used in applications and services. Microsoft is therefore warning Azure customers that they may not be aware of how widespread the problem actually is.
read also
Microsoft warns Azure customers en masse about exploitation of Log4j vulnerability
Last month, Microsoft unloaded several updates, including its own Defender security software, to help customers identify problems when hackers scan for an attack on systems.
‘Everyone should be scared’
“Attempts to exploit Log4Shell and various tests by hackers peaked very strongly in the last weeks of December. We saw many hackers adding special exploits into their existing malware kits and tactics to hit the vulnerability. The spectrum of hackers ranges from coin miners to effective hands-on keyboard attacks,” Microsoft said in a blog post.
In a message to Azure customers, Microsoft speaks of widespread availability of exploit code and scanning capabilities, making it very likely that your environment will be targeted. They recommend scripts and scanning tools to mitigate risk.
Log4j Azure dashboard
Between Christmas and the New Year, Microsoft also launched a new Log4j Azure dashboard within the Microsoft 365 Defender portal for Windows 10, Windows 11, Windows Server and Linux. This allows customers to conveniently find and restore files, software and other devices that are susceptible to Log4Shell.
Wondering how to extract Log4j vulnerabilities from Java projects yourself? Then read our how-to guide where we guide you step by step. Meanwhile, Apache has already launched a fifth patch to mitigate new vulnerabilities within Log4j.
read also