As you could read in the last post, a vulnerability in Log4J was found. One of the solution to fix the issue was to update Log4J to 2.15.0. However as it seems an additional attack vector was identified and reported in CVE-2021-45046.
I found this blog post on Lunasec.io very handy which I wanted to share with you. This post gives a very good information on the new CVE-2021-45046. How it affects the mitigations and their findings.
Lunasec.io also covers a very good guide on “How To Detect and Mitigate the Log4Shell Vulnerability (CVE-2021-44228 & CVE-2021-45046)” which I also used to see if any of the systems contains Log4j AKA Log4Shell.
Also the Malwarebytes blog post on log4j is a good resource for you if you’d like to read more about this vulnerability.
As it seems, this will keep us busy for some more time to have everything fixed. So all I can say is; happy fixing it.
UPDATE: CISA Log4j Vulnerability Guidance
I also found a very handy repository provides CISA’s guidance and an overview of related software regarding the Log4j vulnerability.
Picture Credit: Kevin Beaumont