As normal Bitdefender is on top of this:
On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score) – affecting Apache Log4j2, a Java-based logging framework widely used in commercial and open-source software products. The vulnerability affects versions 2.0 through 2.14.1; version 2.15.0 is not vulnerable.
Bitdefender is already seeing and monitoring several malicious actors running active exploitation campaigns.
The CVE-2021-44228 vulnerability has been assigned the highest possible risk score (CVSS 10) due to its exploitation impact (ability to remotely execute code on targeted hosts). Likely, this vulnerability will linger in computing infrastructures for an extensive period of time due to the widespread use of the Log4j2 logging framework. It is important to note this vulnerability is easy to exploit and applications using the affected Log4j2 versions are subject to an extensive attack surface. Immediate action is advisable.
Double check you other Vendors and RMM systems or remote Control programs
Roy Miehe | MspPortal Partners Inc. | Ceo/President
Bitdefender /MSP – Distributor
“Where Service and Technical Skills Count”
