15 December 2021 – “Log4Shell” Critical Cyber alert for Java-based software

A critically rated vulnerability in the Apache Log4j2 library requires urgent investigation and action by organisations that run Java-based applications or servers.

What is the vulnerability?

The vulnerability, known as “Log4Shell” (CVE-2021-44228), is a remote code execution vulnerability in the Apache Log4j2 library, one of the most widely used Java logging utilities globally. Because Log4j2 is embedded in many popular frameworks, a large number of third-party applications may also be exploitable.

Why should I be concerned?

A remote code execution vulnerability lets an attacker run code of their choosing on your system from across the network, and from there potentially view, change or delete data, establish ongoing access to your server or network, and launch further attacks such as ransomware.

Cybercriminals frequently use security weaknesses in computer software to gain access to your computer and the information on it. There are multiple reports of this vulnerability being actively exploited online, and exploitation is almost certain to increase over the holiday period. Swift action is encouraged: once a system has been compromised, cybercriminals can retain access even after it is patched.

Who is affected?

Any organisation running Java-based applications that use the Apache Log4j2 library is affected. This includes bespoke software, but also extends to software or applications run by third-party software providers. A summary of vulnerable and patched software is hosted on GitHub and linked from the Australian Cyber Security Centre (ACSC) alert page. If you or your organisation have developed custom software, review it to determine whether it is also vulnerable; note that Log4j2 may be present as a transitive dependency or bundled inside an application archive rather than listed directly.

For individuals, Log4j2 is almost certainly part of the apps or online services you use day to day. The best way to protect yourself personally is to keep your devices and apps as up to date as possible, particularly over the next few weeks.

What can I do?

The ACSC recommends that organisations using Apache Log4j2 update to the latest available version. Where a patch cannot be applied immediately, Australian organisations should apply the mitigations recommended by the ACSC.

If you develop any affected software, the ACSC advises communicating early with your customers so they can apply mitigations and install updates as they become available.
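Reviewing custom software for a bundled copy of Log4j2, and checking whether the documented workaround has been applied where an upgrade is not yet possible, can be automated. The following Python script is an added example, not part of this alert or the ACSC's material: it walks a directory tree, opens every JAR, WAR or EAR (including archives nested inside other archives), and reports each bundled log4j-core with its version and whether the JndiLookup class is still present. The class path and pom.properties location are the ones Apache publishes for the log4j-core artefact; the 2.16.0 threshold is an assumption taken from Apache's advisory at the time and should be re-checked against the current advisory. The sample WAR the script builds is constructed for the demonstration and is not a real Apache artefact.

```python
"""Inventory check for log4j-core bundled in application archives (offline, no network)."""
import io
import re
import zipfile
from pathlib import Path
from typing import Dict, Iterator, List, Optional, Tuple

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Paths published by Apache for the log4j-core artefact: the JNDI lookup class whose
# removal is the documented workaround, and the Maven metadata that records the version.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Assumption: threshold taken from Apache's advisory at the time of writing, not from
# this alert; re-check the current advisory before relying on it.
MIN_SAFE_VERSION: Tuple[int, int, int] = (2, 16, 0)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn '2.14.1' or '2.0-beta9' into a comparable tuple; None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def inspect_archive(data: bytes, name: str) -> Iterator[Dict[str, object]]:
    """Yield one finding per log4j-core occurrence in `data`, recursing into nested archives
    (a WAR inside an EAR, a JAR inside WEB-INF/lib) because that is where bundled copies hide."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    names = zf.namelist()
    version = None
    if POM_PROPERTIES in names:
        for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = parse_version(line.split("=", 1)[1])
    has_jndi = JNDI_LOOKUP_CLASS in names
    if version is not None or has_jndi:
        outdated = version is None or version < MIN_SAFE_VERSION
        yield {
            "archive": name,
            "version": version,
            "jndi_lookup_present": has_jndi,
            "outdated": outdated,
            # Exposed only while the lookup class is present on an old (or unknown) version;
            # the real fix is still upgrading.
            "needs_action": has_jndi and outdated,
        }
    for member in names:
        if member.lower().endswith(ARCHIVE_SUFFIXES):
            yield from inspect_archive(zf.read(member), f"{name}!/{member}")


def scan_path(root: str) -> List[Dict[str, object]]:
    """Walk `root` and inspect every archive found under it."""
    findings: List[Dict[str, object]] = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(inspect_archive(path.read_bytes(), str(path)))
    return findings


def build_sample_archive(version: str, include_jndi: bool) -> bytes:
    """Constructed test input: a WAR bundling a log4j-core JAR (not a real Apache artefact)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr(POM_PROPERTIES, f"version={version}\ngroupId=org.apache.logging.log4j\n"
                     "artifactId=log4j-core\n")
        if include_jndi:
            jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr(f"WEB-INF/lib/log4j-core-{version}.jar", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for finding in inspect_archive(build_sample_archive("2.14.1", include_jndi=True), "app.war"):
        print(finding)
```

Run `scan_path("/opt/apps")` (or any deployment root) to get the list of findings; a `needs_action` entry means an old log4j-core with its JNDI lookup class still in place, and `outdated` without `needs_action` means the workaround has been applied but the upgrade is still outstanding. The version is read only from Maven metadata, so a copy repackaged without pom.properties shows as version unknown and is treated as outdated.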

Further information

For ongoing updates, you can refer to the guidance published by the ACSC or visit the “Log4Shell” vulnerability website.

For more guidance on how to manage vulnerabilities, refer to further information published by the ACSC, and consider registering as a partner to receive ongoing updates and alerts.

14 July 2021 – Cyber alert for Windows Print Spooler

All Windows users should apply Microsoft's updates urgently to prevent unauthorised remote access.

A vulnerability in the Print Spooler service requires urgent action by users of all Windows operating systems.

What is the vulnerability?

The Print Spooler “PrintNightmare” vulnerability (CVE-2021-34527) is a remote code execution vulnerability which, if exploited, could enable an attacker to run code on your system remotely and potentially view, change or delete data, or create new accounts with a high level of permissions.

It is related to two other Print Spooler vulnerabilities, CVE-2021-1675 and CVE-2021-36958.

What to do

Microsoft recommends that you check for Windows updates now on every device running any version of Windows, at work and at home, and download and install them immediately.

Refer to the guidance published by Microsoft about this issue for more information, including additional protective measures to ensure your system is secure.

Applying these updates is called “patching”, and is part of vulnerability management; it is an important protective measure to keep yourself, your family, your business and your customers safe.

Why do I need to pay attention?

Cybercriminals frequently use security weaknesses in computer software to get access to your computer and the information on it. They can exploit these weaknesses to deliver, install and run malicious code, and get access to your emails and other information to steal it or hold it to ransom.

Tips for keeping your internet-connected devices up to date

  1. Ensure that you’re running the latest version of your operating system (e.g. Windows, macOS, iOS or Android) on all your computers, laptops, tablets, phones and any other internet-connected devices; consider upgrading or replacing devices that can no longer be updated with newer models.
  2. Ensure that you’re running the latest version of any applications installed, and uninstall any applications that are no longer needed.
  3. Switch on automatic updates for your operating systems and applications if they’re available. You may wish to refer to the Australian Cyber Security Centre's guides on how to do this.
  4. Create an inventory of all your internet-connected devices and the software (operating systems and applications) running on them, and periodically review the list and when each item was last updated.
  5. Monitor for potential threats and be ready to install updates as soon as they become available.

For more guidance on how to manage vulnerabilities, refer to further information published by the Australian Cyber Security Centre.

Microsoft Exchange Server vulnerability

UPDATE: On 13 April 2021 Microsoft released security updates to mitigate significant newly discovered vulnerabilities in Microsoft Exchange 2013, 2016 and 2019.

The new vulnerabilities are: 

The patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities and organisations must apply Microsoft’s 13 April 2021 updates to prevent potential compromise.

The vulnerabilities previously identified were: 

  • CVE-2021-26855 - server-side request forgery (SSRF) vulnerability in Exchange.
  • CVE-2021-26857 - insecure deserialization vulnerability in the Unified Messaging service.
  • CVE-2021-26858 - post-authentication arbitrary file write vulnerability in Exchange.
  • CVE-2021-27065 - post-authentication arbitrary file write vulnerability in Exchange.


What do I need to do?

Microsoft has released security updates for vulnerabilities found in:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Additional details on the April 2021 patches are available here, and information on the March 2021 patches is available here.

Organisations should apply new patches as soon as possible and also undertake detection steps outlined in Microsoft guidance.

These vulnerabilities affect on-premises Microsoft Exchange Server. Exchange Online customers are already protected and do not need to take any action.

For additional information, please see the Australian Cyber Security Centre guidance.
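Applying the patches does not tell you whether a server was already compromised, which is why the detection steps matter. As an added example (not code from this page, from Microsoft or from the ACSC), the Python script below implements one of the checks Microsoft published for CVE-2021-26855 in its HAFNIUM guidance: search the Exchange HttpProxy logs for requests with an empty AuthenticatedUser and an AnchorMailbox of the form ServerInfo~*/*. The column subset and the log lines in SAMPLE_LOG are constructed for the demonstration; real HttpProxy logs carry many more columns, and this check covers only the SSRF vulnerability, not the other three CVEs listed above, so it should be run alongside Microsoft's full detection guidance.

```python
"""Search Exchange HttpProxy logs for the CVE-2021-26855 indicator from Microsoft's guidance."""
import csv
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed sample (not from a real server). Real HttpProxy logs are CSV with a header
# row and many more columns; only the ones this check needs are included here.
SAMPLE_LOG = """\
DateTime,RequestId,UrlStem,AuthenticatedUser,AnchorMailbox,ClientIpAddress
2021-03-02T08:14:05.120Z,r1,/owa/auth/logon.aspx,user@example.com,SMTP:user@example.com,10.0.0.5
2021-03-02T08:15:11.003Z,r2,/ecp/y.js,,ServerInfo~mail.example.com/ecp/default.flt,203.0.113.7
2021-03-02T08:15:12.440Z,r3,/owa/auth/Current/themes/resources/logon.css,,ServerInfo~localhost/ecp/proxyLogon.ecp,203.0.113.7
2021-03-02T08:16:40.911Z,r4,/mapi/emsmdb/,user@example.com,SMTP:user@example.com,10.0.0.6
"""


def find_ssrf_indicators(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return rows where AuthenticatedUser is empty and AnchorMailbox matches ServerInfo~*/*.

    That combination (an unauthenticated request whose backend anchor names a server and
    path) is the HttpProxy pattern Microsoft published for CVE-2021-26855 exploitation.
    Lines starting with '#' are skipped so files with comment headers also parse.
    """
    rows = (line for line in lines if line.strip() and not line.startswith("#"))
    hits: List[Dict[str, str]] = []
    for row in csv.DictReader(rows):
        user = (row.get("AuthenticatedUser") or "").strip()
        anchor = row.get("AnchorMailbox") or ""
        if user == "" and anchor.startswith("ServerInfo~") and "/" in anchor:
            hits.append(row)
    return hits


def scan_httpproxy_dir(root: str) -> List[Dict[str, str]]:
    """Aggregate hits from every .log file under an Exchange HttpProxy logging directory,
    e.g. <ExchangeInstallPath>\\Logging\\HttpProxy, tagging each hit with its source file."""
    hits: List[Dict[str, str]] = []
    for path in Path(root).rglob("*.log"):
        with path.open(encoding="utf-8", errors="replace", newline="") as fh:
            for hit in find_ssrf_indicators(fh):
                hit["_file"] = str(path)
                hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_indicators(SAMPLE_LOG.splitlines()):
        print(hit["DateTime"], hit["ClientIpAddress"], hit["UrlStem"], hit["AnchorMailbox"])
```

Against the constructed sample the two unauthenticated requests from 203.0.113.7 are reported and the two authenticated user requests are not. A hit is an indicator to investigate (source address, timing, and what else that address requested), not proof of compromise on its own.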

What could happen if my business doesn’t apply the patches?

If the patches aren’t applied, these vulnerabilities could be used by cyber attackers to compromise your business’ information and operations.

A range of cyber attackers – including some in the business of ransomware – were quick to take advantage of businesses that had failed to apply the March updates, which is why it’s critical to apply patches as soon as possible.

To find out more, visit cyber.gov.au.

Things you should know

As the advice on this website has been prepared without considering your objectives, financial situation or needs, you should, before acting on the advice, consider its appropriateness to your circumstances.