December 14, 2021

Cybersecurity firm Cybereason recently released a fix that fixes the Log4j zero-day vulnerability, which is currently being exploited by attackers.

Although some users have not been able to fix the Apache Log4Shell vulnerability, the fix ensures that those who have not been able to update their systems, or who have not been able to do so immediately, will continue to be able to patch their systems thanks to the “Logout4shell” tool, which is available to access GitHub and as the company says, “is a relatively simple fix that requires only basic Java skills to implement.”

Yonatan Striem-Amit, CTO of Cybereaso explained, explains what the Log4j vulnerability fixing tool looks like: “In short, the fix uses the vulnerability itself to set the flag that turns it off. Because the vulnerability is so easy to exploit and so ubiquitous–it’s one of the very few ways to close it in certain scenarios. You can permanently close the vulnerability by causing the server to save a configuration file, but that is a more difficult proposition. The simplest solution is to set up a server that will download and then run a class that changes the server’s configuration to not load things anymore.”

The solution met with mixed reactions from security experts. While some praised the company for its initiative, others believe that such a move is not enough to protect all organizations currently affected by the bug.

For more information read the original story in ZDNet.