Log4Shell, the Bug That’s Breaking the Internet

One of the most serious security flaws in the past decade, Log4Shell lets hackers seize control of a variety of different targets raging from web servers to industrial control systems.

17 December 2021

Companies and their security teams around the globe are struggling to patch their systems and fix the Log4Shell, a critical security flaw in Log4j, an extensively used open source logging utility that can be “found practically everywhere from online games to enterprise software and cloud data centers” according to TechCrunch

Log4Shell allows attackers to remotely run code on vulnerable servers running Log4j, which is used to create a log of activity on a device. The vulnerability is tracked as CVE-2021-44228 and was given the critical severity rating, “meaning attackers can remotely take full control of a vulnerable system over the internet without any interaction from the victim.”

Rogue cryptocurrency miners and hackers have already jumped to seize an opportunity and many high-profile companies and services are likely to be affected. TechCrunch reports that VMware released an advisory to warn customers that many of its products are affected, and Cisco has confirmed that some of its products are impacted by the flaw as well. 

Read more: The race is on to patch Log4Shell, the bug that’s breaking the internet by Carly Page