When we learned about the Log4j RCE in early December, we quickly patched our servers, working on the weekend the day after the CVE was reported to get it done ASAP before hackers could strike.
We started by escalating the incident to our security officer to get the appropriate attention on it. He immediately stopped the vulnerable server to prevent any exploits. This gave us time to do a thorough review of our services for use of Log4j. We used https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell to see what services were affected. Fortunately, only the aforementioned server was affected.
Updating the server was easy thanks to Docker. A quick increment to the tag version and a run of Ansible was all it took. Fortunately our other software was unaffected, so that was all the work needed. In less than a day the server was back online.
To verify that Log4j no longer affected us, we used https://log4j-tester.trendmicro.com, which reported a clean result. Problem solved! 🎉
Lessons learned:
- I learned about the Log4j vulnerability via Reddit. Therefore, browsing Reddit has a business purpose: learning about security vulnerabilities. That's totally what I'm doing on there. Any adorable cat gifs on my screen are 100% related to security.
- You have more vendors and packages than you realize. When you see a vulnerability, think carefully about what it might affect.
- Containerization is good for security not just because it isolates attacks but also because the ease of updating makes attack response fast.
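
To make the service review and the "more packages than you realize" lesson concrete, here is an added example (not code from this post) that inventories bundled copies of log4j-core, including jars nested inside WAR or fat-jar archives, by looking for the library's `JndiLookup.class`. The function names and the sample WAR are constructed for illustration; a hit only says the library is present, so compare the reported version against the Apache advisory.

```python
import io
import os
import re
import sys
import zipfile

# Class file shipped in log4j-core; finding it means a copy of the library is present.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
VERSION_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)")

def scan_archive(data, label, depth=5):
    """Scan one archive (bytes) and nested archives; version is read from the jar file name."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # corrupt or not really an archive
    findings = []
    with zf:
        names = zf.namelist()
        if JNDI_CLASS in names:
            m = VERSION_RE.search(label.rsplit("!/", 1)[-1])
            findings.append({"path": label, "version": m.group(1) if m else "unknown"})
        for name in names:
            if depth > 0 and name.lower().endswith(ARCHIVE_EXT):
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth - 1)
    return findings

def scan_tree(root):
    """Scan every archive under a directory (host path or unpacked container image)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in (f for f in files if f.lower().endswith(ARCHIVE_EXT)):
            with open(os.path.join(dirpath, fn), "rb") as fh:
                findings += scan_archive(fh.read(), fh.name)
    return findings

def build_sample_war():
    """Constructed sample: a WAR bundling a placeholder log4j-core jar (empty class file)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(JNDI_CLASS, b"")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_archive(build_sample_war(), "sample.war")
    for h in hits:
        print(f"{h['path']}  log4j-core version: {h['version']}")
```

A version of `unknown` means the class was merged into a shaded or fat jar whose file name carries no version, so that artifact needs a manual check of its build manifest.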