Log4j flaw attack levels remain high, Microsoft warns
Credit:
Naked Security
Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.
Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services.
Microsoft warns that customers might not be aware of how widespread the Log4j issue is in their environment. Over the past month, Microsoft has released numerous updates, including to its Defender security software, to help customers identify the issue as attackers stepped up scanning activity.