Hackers Still Exploiting Log4Shell Flaw in Unpatched VMware Servers, Feds Warn
Federal cybersecurity authorities have warned that hackers are still exploiting Log4Shell in unpatched VMware software.
In a joint advisory, the Cybersecurity and Infrastructure Security Agency and the U.S. Coast Guard Cyber Command said that the vulnerability affects VMware Horizon and Unified Access Gateway servers that have not been updated.
VMware released its first Log4Shell fix in December 2021 and posted the most recent one in April 2022, according to one of the company’s advisories.
Organizations that failed to implement the fixes shortly after they were released should treat their VMware systems as compromised, CISA said.
Log4Shell, also known as CVE-2021-44228, is a remote code execution flaw in the Apache Log4j logging library, CISA explained in a previous alert.
Log4j drew the cybersecurity community’s attention in late 2021 due to the framework’s ubiquity in enterprise applications and cloud services. The vulnerability affected the Java Edition of Microsoft’s Minecraft, the Steam digital store, Apple’s iCloud and Chinese web giant Baidu.
CISA and CGCYBER also published a comprehensive version of their joint cybersecurity alert containing information on advanced persistent threat behavior and other technical cybersecurity topics.
The authorities advised affected users to install fixed builds of the affected software and to implement a demilitarized zone to protect their networks from untrusted traffic.
Other steps that organizations can take include adopting strict perimeter access controls, not using unnecessary internet-facing services, regularly updating firewalls, implementing multi-factor authentication and enforcing strong passwords.
CISA also advised organizations to prioritize patching known exploited vulnerabilities.