Federal agencies were ordered to protect their systems against a major computer vulnerability by Christmas Eve. The deadline for the security patches was set by CISA – The Cybersecurity and Infrastructure Security Agency.

Log4Shell was called one of the most serious security vulnerabilities during the past decade. Jen Easterly, who is a CISA head, called it “a severe risk”. Not only that but Microsoft also warned that some of the hacking groups are using Log4Shell.

The company explained that most of the tracked nation-state activity groups which are originating from China, Iran, North Korea, and Turkey, were using the vulnerability for different kinds of activities such as doing experiments or targeting attacks.

CISA even added it to the “Known Exploited Vulnerabilities Catalog”. It is a list which contains the most common security flaws that carry significant risk to the federal organization. That’s why the agency set a deadline (by December 24) for the federal civilian executive-branch to do its best in order to mince the problem with the IT systems patched with new softwares.

John Graham-Cumming, who is Cloudflare’s chief technical officer, told BBC:

“For example, when you buy something online, your username might be written to a log file for later processing. Unfortunately, a flaw in Log4j meant that by using special characters in data that is logged, it is possible to get a machine inside a company to run code that an attacker controls. This gives them a foothold inside what would normally be a secure, protected computer.”

Measures to protect its users from the vulnerability were taken by Cloudflare – a company that provides internet security and other services which are meant to help online businesses operate smoothly.

Experts were reported “estimated months to years of finding new instances of this vulnerability across enterprises and vendors” by security news site SC Media.

Companies were called on to install the latest updates immediately wherever Log4j is known to be used, by The UK’s National Cyber Security Centre.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,