Microsoft is alerting Windows and Azure customers that government-sponsored and cybercriminal attackers searched systems for the Log4j vulnerability “Log4Shell” in December. The software company warns that customers may not be aware of how widespread the Log4j problem is in their environment.
The vulnerability known as Log4Shell was made public by the Apache Software Foundation on December 9th. Fixing the vulnerability will likely take years as the error logging software component is used in many applications and services. In the past few weeks Microsoft has released numerous updates, including for the Defender security software, to help customers identify the problem as attackers intensify their scanning activities.
“Usage attempts and tests remained high in the last few weeks of December. We have seen many attackers build these vulnerabilities into their existing malware kits and tactics, from coin miners to keyboard attacks,” said the Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC) in an update from January 3rd.
According to Microsoft, customers “should assume that the widespread availability of exploit code and scanning capabilities poses a real and present threat to their environments.” Hence, the company encourages its customers to use scripts and scanning tools to assess the risk and impact.
“Microsoft has discovered that attackers are using many of the same inventory techniques to find targets. It has been observed that attackers such as national actors as well as simple hackers exploit these vulnerabilities. There is great potential for further exploitation of these vulnerabilities,” continues Microsoft.