By Ryan Naraine on December 10, 2021
Enterprise security response teams are bracing for a hectic weekend as public exploits -- and in-the-wild attacks -- circulate for a gaping code execution hole in the widely used Apache Log4j utility.
The remote code execution flaw is already being exploited to compromise Minecraft servers but, with such a massive attack surface at organizations around the world, experts warn that widespread exploitation is inevitable.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild and prompted the release of a high-priority patch.
