CISA Warns Unpatched VMware Servers Remain Vulnerable to Log4Shell
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that attackers are still exploiting the Log4Shell flaw to target VMware’s Horizon and Unified Access Gateway (UAG) servers. The security agency advised IT admins to immediately patch their servers running vulnerable Log4j versions.
The Apache Software Foundation first disclosed the Log4Shell flaw, tracked as CVE-2021-44228, back in December 2021. The vulnerability exists in the popular open-source Apache Log4j framework and allows unauthenticated remote code execution (RCE) and complete server takeover.
VMware released multiple patches to address the security flaw in its products in December and January. However, it turns out that some organizations have yet to patch their systems. CISA says that attackers have recently exploited the Log4Shell vulnerability on unpatched servers to breach the disaster recovery network of an organization and steal sensitive information.
“As part of this exploitation, suspected advanced persistent threat actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data,” CISA explained.
CISA urges organizations to patch their systems
It is important to note that Log4Shell affected a wide range of customers, enterprise services, and device manufacturers, which is one of the reasons the flaw was somewhat challenging for some organizations to patch. While CISA had not observed any major intrusions via Log4j, the latest incidents indicate that unpatched systems are still vulnerable to cyber attacks or state-sponsored operations.
According to CISA, all organizations with unpatched VMware servers should begin incident response (IR) procedures as soon as possible. The agency recommends isolating the potentially affected systems, reviewing logs and artifacts, and reporting the breach to CISA. Meanwhile, customers can hire third-party IR experts to mitigate potential risks and threats.