PWC Threat Intelligence - Log4j Explained - 17 Dec 21
Log4j Vulnerability
(CVE-2021-44228)
PwC Threat Intelligence
Jen Easterly
Director, United States Cybersecurity and
Infrastructure Security Agency (CISA)
What are we seeing?
Contents
Key points
Related vulnerabilities
Recommendations
Additional resources
https://nvd.nist.gov/vuln/detail/CVE-2021-4104
https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Understand your exposure
Identify systems across your enterprise that may be running vulnerable versions of Log4j.

Validate any vulnerable systems have not been compromised
Exploitation of this vulnerability may have occurred as early as December 1, 2021. Review logs and alerts from associated systems to ensure a compromise has not occurred.

Upgrade to Log4j 2.16.0
Recent analysis has shown that the changes to 2.15.0 do not mitigate the vulnerability and that all systems should still be considered vulnerable unless 2.16.0 is deployed.

If you think you have been compromised…
Activate your incident response (IR) plan or IR retainer.
Understanding the Log4j Vulnerability (CVE-2021-44228) December 2021
External Resources
Apache https://logging.apache.org/log4j/2.x/security.html
Microsoft https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
CISA US https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
NCSC UK https://www.ncsc.gov.uk/news/apache-log4j-vulnerability
ACSC AU https://www.cyber.gov.au/acsc/view-all-content/alerts/critical-remote-code-execution-vulnerability-found-apache-log4j2-library
Cyber CA https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability
JPCERT https://www.jpcert.or.jp/at/2021/at210050.html
CERT NZ https://www.cert.govt.nz/it-specialists/advisories/log4j-rce-0-day-actively-exploited/
ANSSI https://www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-022/
GovtCERT CH https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
www.pwc.in/consulting/cybersecurity.html
© 2021 PwC. All rights reserved. Not for further distribution without the permission of PwC. “PwC” refers to the network of member firms of PricewaterhouseCoopers
International Limited (PwCIL), or, as the context requires, individual member firms of the PwC network. Each member firm is a separate legal entity and does not act as
agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its
member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for the acts or omissions of
any other member firm nor can it control the exercise of another member firm’s professional judgment or bind another member firm or PwCIL in any way.