ALERT HIGH IMPORTANCE - zero-day exploit on Log4j Java library

Inter Engineering warns for a new threat circulating the Internet from Friday 10-12-2021. This is a ‘zero day’ threat which it aims at circumventing security measures without being spotted. The threat exploits a vulnerability in the Log4J Apache software library, which is used in most of the software products today. And that in turn means that all those products are vulnerable.

An attacker can use this vulnerability to cause the target system to fetch and run code from a remote location. The second stage – what the malicious code does – is fully up to the attacker. Finding an app that doesn’t use Log4J library may be harder than finding one that does. This omnipresence means attackers can go looking for vulnerabilities almost anywhere.

The Apache foundation has released a fix, as have many software vendors.

What does this mean in practice?
The majority of organizations of any kind use software impacted by this particular vulnerability and thus should immediately proceed with installing the patches published by vendors.

At this moment in time warning is of essence.
During the following days more details will become available.
Inter Engineering is at your disposal with advice and comments.

Kind Regards,
Inter Engineering response team