Log4Shell Vulnerability Has Potential to Compromise Millions of Devices
Monday, December 13, 2021
Log4J Library Could Compromise Millions of Devices
Print Mail Download i

Cybersecurity experts around the world are scrambling to sound the alarm about a newly discovered security vulnerability that could be used by attackers to easily infiltrate computer systems. The vulnerability is found in Log4j, an open-source logging library. Logging is a process where applications keep a record of computing activity, which can later be reviewed by an engineer. The vulnerability would allow an attacker to access a web server without proper credentials and then execute any number of malicious programs.

The vulnerability is particularly dangerous because of how widely implemented the Log4j library is. An update to the Log4j library has already been released in an attempt to mitigate the possibility of bad actors exploiting this vulnerability, but given the time to update systems around the world, the Log4Shell vulnerability will continue to be a threat.

The largest technology companies in the world are responding. Microsoft has issued an update to its servers for the company’s hit videogame Minecraft, where the vulnerability was being used by attackers to run programs on other players’ computers simply by pasting text into the game’s internal chat feature. Internet infrastructure company Cloudflare has reported to the Associated Press that it has no indication that any of its servers were compromised.

For companies relying on cloud-service vendors, this is yet another example of the necessity of proper due diligence of vendors’ cybersecurity capabilities, and the relevance of contractual provisions protecting companies when the cybersecurity practices of a vendor fail. While this vulnerability was a surprise to security experts worldwide, how quickly organizations respond will likely be the difference between those that suffer a related attack and those that do not.

Now is a good time to review your incident-response plans and ensure that your IT, legal, compliance and management teams are all working together and prepared to immediately respond to cloud-services vulnerabilities.

Vincent J. Tennant also contributed to this update.

© 2024 Proskauer Rose LLP.

Current Legal Analysis

More from Proskauer Rose LLP

The Macro-Economic Environment: What It Means for VC Firms
by: Margaret A Dale , Michael R. Hackett
One Month to Go Until the FCA’s Anti‑Greenwashing Rule Comes into Force
by: John Verwey , Rachel E. Lowe
Viking River Who? Another Cautionary Tale About Arbitration Agreement Drafting
by: Jonathan P. Slowik , Michelle L. Lappen
Enacted New York State Budget Includes First-in-Nation Statewide Paid Prenatal Leave (But Other Proposals are Left on the Table)
by: Allan S Bloom , Evandro C Gigante
The Honeymoon is Over: Strikes on the Rise…Even Before A First Contract
by: Joshua S. Fox , Yonatan Grossman-Boder
ELTIF 2.0 – ESMA Responds to the EU Commission’s Proposed Amendments to the Draft RTS
by: John Verwey , Rachel E. Lowe
Public Portal to Promote Healthy Competition
by: Whitney Phelps , John R Ingrassia
Conflict Between Delaware LLC Act and Bankruptcy Code Affects Creditor Toolbox
by: David M. Hillman , Vincent Indelicato
Goodbye “Five-Part Test”—DOL Finalizes New Investment Advice Fiduciary Rules
by: Adam W Scoll , Jennifer Rigterink
Federal Trade Commission Approves Final Rule Banning Most Noncompetes
by: Allan S Bloom , Steven D Hurd

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins