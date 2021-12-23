Earlier this week there was a report of a Log4j worm found in the wild that exploits the Log4Shell vulnerability. Thankfully, the worm discovered didn’t actually work. However, this should come as a warning to everyone that patching Log4j is extremely important. A successful Log4j worm could have disastrous consequences to individuals and organizations. Internet-wide worms could infect a large number of vulnerable computers, seek out new vulnerable hosts and may have the side effect of creating a denial-of-service against many services. This added traffic from worms looking for vulnerable Log4j instances could affect any internet-facing services, not just the ones running Log4j. According to Maven Central, one of the most widely used Java package repositories, 41% of recent Log4j downloads were vulnerable versions. This means that nearly half of all Log4j versions downloaded in the last few weeks contain the critical Log4Shell security vulnerability.

COMPUTERS ・ 4 DAYS AGO