The BSI particularly recommends that companies and organizations implement the defensive measures outlined cyber
Warning level red: Log4Shell leads to an extremely critical threat situation
BSI , the critical vulnerability ( Log4Shell ) in the widely used Java library Log4j leads to an extremely critical threat situation. The BSI has therefore upgraded its existing cyber security warning to red warning level .
The reason for this assessment is the very wide distribution of the affected product and the associated effects on countless other products. The vulnerability is also trivial to exploit; a proof of concept is publicly available. Successful exploitation of the vulnerability enables a complete takeover of the affected system. The BSI is aware of global and Germany-wide mass scans and attempted compromises. The first successful compromises are also reported publicly.
BSI 's assessment, the full extent of the threat situation cannot currently be conclusively determined. update for the affected Java library Log4j , all products that use Log4j must also be adapted. A Java library is a software module that is used to implement a specific functionality in other products. It is therefore often deeply anchored in the architecture of software products. Which products are vulnerable and for which there are already updates is currently not completely clear and must therefore be checked on a case-by-case basis. It is expected that additional products will be identified as vulnerable in the next few days.
The BSI particularly recommends that companies and organizations implement the defensive measures outlined cyber In addition, detection and response capabilities should be increased in the short term in order to adequately monitor your own systems. As soon as updates are available for individual products, they should be installed. In addition, all systems that were vulnerable should be examined for compromise.
Source: BSI
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )