UPDATE: Install updates to address serious vulnerability in Apache Log4j
A serious vulnerability has been identified in Apache Log4j, a program that is commonly used in Web applications and many other systems. The National Cyber Security Centre (NCSC) has warned of potentially major damage and is advising organisations to install the updates that Apache has made available as soon as possible. We are seeing scanning activity in the Netherlands, and we anticipate that the vulnerability, which has been dubbed ‘Log4shell’, will be exploited in the near future. The NCSC is monitoring the situation closely; keep an eye on the website for further information and updates. If you are uncertain whether your organisation uses Apache Log4j, ask your software supplier.
On GitHub the NCSC has published a list of applications that could be affected by the serious vulnerability in Log4j. This list is by no means complete, and over the next few days it will be supplemented with information about applications that are not yet on the list. The NCSC has urgently requested its partner organisations and companies to share additional information on GitHub. This is an easy way to publicise this kind of information. This page will also be used to announce scanning and detection options and indicators of compromise.
The vulnerability makes it possible for attackers to misuse the rights of webservers remotely, with potentially major repercussions. For this vulnerability the NCSC has issued a HIGH/HIGH security advisory: both the chance of misuse in the short term and the potential for damage are high.
It is possible to detect misuse by searching through logs. The cybersecurity firm Northwave has made a tool available to determine whether your server is vulnerable. The NCSC would draw your attention to the disclaimer in the accompanying text.
Apache Log4j is very widely used in both large and small organisations, both in the Netherlands and abroad. The way of exploiting this vulnerability is now publicly known. Given the considerable attention this vulnerability is getting, the NCSC expects that additional ways of exploiting the vulnerability will be developed in the near future. This means that time is of the essence when it comes to installing the updates.