Amazon Web Services has provided resources and recommendations to help organizations address a newly discovered vulnerability associated with the Log4j Java-based logging utility, which is part of the Apache Software Foundation’s logging services project.
AWS released a GitHub-available tool that users can run to hotpatch Java Virtual Machines with Log4j 2.0 and later versions, Mukhtar Kabir, an associate solutions architect at AWS, wrote in a blog entry published on Monday.
The hotpatch applies software updates to address Log4j’s remote code execution vulnerability labeled CVE-2021-44228. The information technology services company is also working on an updated Log4j library for all AWS services.
Additionally, AWS offers security services designed to protect systems, detect Log4j vulnerabilities and respond to threats. The services include the AWS Web Application Firewall, AWS Security Hub and AWS Systems Manager.
The Cybersecurity and Infrastructure Security Agency issued an emergency directive with actions that civilian agencies can take to mitigate the Log4j vulnerability, which has been exploited globally.
The Log4j logging package is used in websites, operational technology systems and enterprise services.