A vulnerability that affects a Java logging package (log4j) has been identified and IT professionals have been alerted about the potential issues.
The code is being used on many enterprise and cloud services platforms.
When the vulnerability is being exploited, a remote attacker can launch a background process or work undetected in a machine. This type of attack can be used to run other code, install software or remove data without the operator’s knowledge.
In some demonstrations of the exploit, the calculator is brought up on a machine that was attacked or Minecraft was launched and inventory was emptied from the user’s account.
IT On Demand has confirmed with our vendors that our services are not on the affected applications lists and all patches are up to date on the software we use to manage remote machines.
Specifically, the backup tools we use for backup and remote management (Datto) and antivirus/EDR/MTR and firewall (Sophos) have put out notes of being clear. CloudOptix from Sophos was affected but a patch went out early this morning.
I will post updates as they become available.
If you’d like to see a demo of the exploit in action, you can watch it here: Video of Exploit