Summary

On December 9th, a critical zero-day vulnerability named Log4Shell was identified in the popular Log4j framework Apache Software Foundation. Cybercriminals were quick to attack enterprises by exploiting this vulnerability.

In this note we highlight and answer five common questions about this Log4J vulnerability.

Introduction

On Thursday, December 9, 2021, a critical zero-day vulnerability in Log4j, a widely used logging framework for enterprise Java applications was identified. Tech industries around the world immediately started scrambling to address the issue as soon as possible. Simultaneously, cybercriminals began an onslaught of attacks to exploit the vulnerability before impacted systems could get patched. The race is still ongoing, and this incident is turning out to be one of the largest cybersecurity events in recent history. We expect many enterprises will become a victim of this exploit into 2022.

This Research Note provides answers to five of the most frequently asked questions about this vulnerability including advice to enterprises on what they must do to defend against it or recover from it.