Jump to content

Alert java/exploit cve 2021-44228


Saifuddinit

Recommended Posts

We Are facing issue on new Security Vulnerability can you please check, its already showing in one our client machine and it is blocked but can you confirm it is secure or it secure from eset and we are waiting your reply

 

image.thumb.png.66928f5e9276f1c0c46a65f035d138c7.png

Link to comment
Share on other sites

FYI: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

You need to apply the latest Apache server patch update as noted here: https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/

It appears that an external source is trying to exploit this vulnerability via a Chrome connection from the client device.

Edited by itman
Link to comment
Share on other sites

Hi Imran But here we are not using any apache server this just from Chrome its blocked from Eset so there any have to from my end in client laptop or no need

Link to comment
Share on other sites

  • Administrators

Also note that the attacks will continue even after patching vulnerabilities, you can't prevent that without filtering the communication on a firewall before the server. However, even if you didn't install the appropriate security update, ESET has blocked the communication so you would be safe. Of course, that doesn't mean you could hesitate with installation of security updates, not at all.

Anyways, it would be of interest to see details of the attack, ie the source and target IP addresses and ports.

Link to comment
Share on other sites

Thank admin for update so now what we can do now to prevent this type of attack and right now we need to anything in client laptop like windows update  Eset update l

Link to comment
Share on other sites

  • Administrators
2 minutes ago, Saifuddinit said:

Thank admin for update so now what we can do now to prevent this type of attack and right now we need to anything in client laptop like windows update  Eset update l

If you don't have Apache installed, it was most likely a non-targeted attack when the attacker was just trying to attack the machine in the hope that Apache might be installed.

Link to comment
Share on other sites

Imran I got you mean to say below link whatever software is there need to update security patch right ??

Edited by Saifuddinit
Link to comment
Share on other sites

11 minutes ago, Saifuddinit said:

Imran I got you mean to say below link whatever software is there need to update security patch right ??

Not sure I understand you fully.

If a software vendor product is affected; the vendor has patch for this vulnerability;, and you have this affected software installed somewhere in your installation; then the patch should be installed ASAP.

Link to comment
Share on other sites

Hi ItMan

I got the what you say but I saw the user laptop its didn't find any software which is infected i can see eset log its show action blocked

Link to comment
Share on other sites

1 hour ago, Saifuddinit said:

Hi ItMan

I got the what you say but I saw the user laptop its didn't find any software which is infected i can see eset log its show action blocked

My current situation understanding of this Java based vulnerability is it is the most active exploit attempt.

Assume that the user of the device where Eset detected the vulnerability via Chrome landed on a malicious or infected web site that attempted to exploit this vulnerability. This could have been done via numerous methods. It appears to me that the attacker found some software installed on your network installation that is vulnerable and tried to exploit it. Luckily, Eset detected the exploit attempt and blocked it.

Note that there are currently multiple exploits detected in regards to this Java vulnerability; CVE-2021-44228 is just one of them.

Also, make sure all your Chrome installations are using the latest version: https://www.cvedetails.com/cve/CVE-2021-30599/

Finally, CISA has developed an app that will scan your network for apps vulnerable to CVE-2021-44228: https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-scanner-to-find-vulnerable-apps/

Edited by itman
Link to comment
Share on other sites

17 minutes ago, Saifuddinit said:

Hi ItMan

I have seen below link i have checked all software in client laptop and there is  not impact anything so what cause this happen

You have to check all your network devices; client and server devices, for vulnerable software. Not just the laptop where the Eset alert generated.

Link to comment
Share on other sites

Here's a specific example of how attackers are exploiting this vulnerability. Hence, the need to scan all installation devices for vulnerable apps and apply vendor supplied patches:

Quote

The attempted intrusion exploited the newly discovered Log4Shell flaw (CVE-2021-44228, CVSS score: 10.0) to gain access to a vulnerable instance of the VMware Horizon desktop and app virtualization product, followed by running a series of malicious commands orchestrated to fetch threat actor payloads hosted on a remote server.

https://thehackernews.com/2021/12/chinese-apt-hackers-used-log4shell.html

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...