HSO is aware of active exploitation of a critical Log4j Remote Code Execution vulnerability affecting various industry-wide Apache products. This vulnerability is in the open source Java component Log4J versions 2.0 through 2.14.1 (inclusive) and is documented in Apache CVE-2021-44228.
Currently, HSO is not aware of any impact to the security of our product portfolio and has not experienced any degradation in availability of those services as a result of this vulnerability. In addition, we are following the information and guidance Microsoft is providing related to cloud business applications such as Microsoft Dynamics 365, Microsoft Power Apps, etc.
We advise our clients to follow the guidance, as updated from time to time, from Microsoft:
- MSRC Blog: Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
- Microsoft Security Blog: Guidance for preventing detecting and hunting for CVE-2021-44228 log4j2 exploitation
If you wish to engage further with HSO on this specific topic then please contact us.