In mid-December 2021, a serious vulnerability was discovered in the Apache Log4j library, which allows an attacker to execute any program code on a vulnerable system (RCE – Remote Code Execution).
The vulnerability exists in both open source applications, proprietary solutions, and many commercial products. The vulnerability affects a wide range of services and applications on servers, making them extremely dangerous – and the latest updates are urgent. The latest versions of Apache Log4j, which already contain all the fixes for discovered vulnerabilities, are Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7) or 2.17.1 (for Java 8 and later).
Shortly after the Log4j library vulnerability was revealed, Sophos released patches for its products, and made a query available to all Sophos Intercept X Advanced users with XDR to check which devices the Log4j library was on.
An example of a quick and easy search for Log4j vulnerabilities in a company using Sophos XDR is another example of the use of XDR technology, which can raise the level of corporate protection and save time and money.
For all companies without experts in the use of XDR technology, Sophos offers the MTR (Managed Threat Response) service, which provides 24/7 control of the company’s computer security status, 24/7 response and elimination of all threats that arise In the company.