Windows Update foreshadowed by Log4J

Hello everyone,

While I had things to attend to today, I did a little bit of reading and found Krebs On Security’s article dealing with Windows Update.

Unfortunately, we won’t be doing Windows Update because we need to do other topics, but it is important to blog what we can so that people are aware of it.

The article from Brian is titled Microsoft Patch Tuesday, December 2021 Edition for those who want to read it.

The opening paragraph of this mid-December article says:

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.

While this is still true, and today’s Security Now is titled “Log4J Christmas,” we should be diligent about making sure our software is up to date.

The Security Now program is being taped as we speak, and should be available as a podcast by morning.

In case you missed it, here is what we know so far, as Krebs wrote in this article:

Log4Shell is the name picked for a critical flaw disclosed Dec. 9 in the popular logging library for Java called “log4j,” which is included in a huge number of Java applications. Publicly released exploit code allows an attacker to force a server running a vulnerable log4j library to execute commands, such as downloading malicious software or opening a backdoor connection to the server.

According to researchers at Lunasec, many, many services are vulnerable to this exploit.

The article also mentions “Apache Struts,” which was used in earlier attacks.

As for Windows Update, the article notes that a half dozen of the patches are rated critical by Microsoft. The biggest flaw seeing exploitation is CVE-2021-43890.

Malware families like Emotet, Trickbot and BazaLoader may take advantage of this flaw.

There’s much more to the article that I linked above, and I link to the CVE and other info for you to look at if it interests you.

Thanks so much for reading, make it a great day!
