Back
Products & Solutions
Our website uses cookies to help us improve our services to you. By continuing to browse the site you are agreeing to our Privacy Statement and our use of cookies. Please read our Cookie Statement and HKT Privacy Statement to understand more.

News

5 Advices for preventing Remote Code Execution (RCE) | HKT

Log4j is an open source Apache Java-based logging utility used by millions of websites and apps

The recent Log4j vulnerability (CVE-2021-44228) found in Dec 2021, and known as a remote code execution (RCE) vulnerability, has devastated digital systems across the internet. Log4j is a ubiquitous open source Apache logging framework that developers use to keep a record of activity within an application. As it is used by millions of websites and apps, the impact of this can hardly be imagined.

We are already on top of it

While most enterprises are still struggling to make a full vulnerability assessment to identify any affected systems,  our dedicated experts and Next Generation Security Operations Center (NG SOC) have already managed and secured the systems of our customers using our Managed Security Services (MSS) in the following ways:

  • The Intrusion Prevention System (IPS) signature was updated automatically, and the IPS systems already started scanning and blocking the malicious attacks from the morning of 11 Dec, 2021.

  • Our advanced Next-Generation Anti-malware tool prevented and detected the tactics and techniques being used in CVE-2021-44228; while both of our Security Operations Centers are continuing to actively monitor any further malicious behaviour.

  • Assessments of those applications were already built-in internally and are in the process of implementing fixes where necessary.

 
Non-HKT Managed Security Services customers - take these steps immediately

For non-HKT MSS customers, our NG SOC experts suggest taking the follow precautions immediately.

  • Update your Intrusion Prevention System (IPS) signature. It’s a good security practice to use the latest patch update.

  • For home-grown applications, you may consider the following mitigation(s) as soon as you can:

    1. Set log4j.formatMsgNoLookups or Dlog4j.formatMsgNoLookups to true for Log4j 2.10 or greater;

    2. Use %m{nolookups} in the PatternLayout configuration for Log4j 2.7 or greater; and

    3. Remove JdniLookup and JdniManager classes from log4j-core.jar for all other Log4j 2 versions.

  • For commercial off-the-shelf (COTS) products, please check with your vendors what temporary measures you can apply to mitigate risk.

  • Restrict the network traffic on firewall, e.g.:

    1. Use %m{nolookups} in the PatternLayout configuration for Log4j 2.7 or greater; and

    2. Remove JdniLookup and JdniManager classes from log4j-core.jar for all other Log4j 2 versions.

  • Apache has released Log4j version 2.17.1 that has fixed the vulnerability. All application teams should consider upgrading their application to this new version as soon as they can.


We will be happy to provide more guidance on the precautions and measurements you should take to optimize your security posture, especially if you are facing a shortage of resources and expertise. 

Date
13/01/2022
Contact us

Please fill in below information. We are always here to serve you.

Please enter first name
Please enter name
Please enter company name
Please enter valid contact number
Please enter enquiry

I have read and hereby agree to be bound by the Privacy Policy Statement.

Please accept the agreement
Please verify that you are not a robot
PREV NEXT
You may also interested in