December 13, 2021
This article has been updated to include the latest definitions release of Runecast.
Runecast helps customers discover vulnerable Log4j instances in their Windows and Linux applications.
Both Runecast and its detection capabilities for customer environments have been patched and continuously improved in each version since 6.0.1 to reflect new and updated log4j-related CVEs.
28 January 2022 – Release of Runecast Analyzer 220.127.116.11
21 December 2021 – Release of Runecast Analyzer 6.0.4
17 December 2021 – Release of Runecast Analyzer 6.0.3
15 December 2021 – Release of Runecast Analyzer 6.0.2
12 December 2021 – Release of Runecast Analyzer 6.0.1
On Friday, December 10th 2021, a critical vulnerability in the Apache Log4j Java library (used by thousands of enterprise apps), Log4Shell, was disclosed. A zero-day exploit was found in log4j2, a popular third-party library which many services include as a dependency. By sending a request to any endpoint which writes its content into the application's log file, an attacker can trick the application into loading and executing untrusted code from a malicious server.
Our development team worked tirelessly and well into the small hours of Sunday morning to update the Runecast platform for our clients to counter the Log4Shell vulnerability. For those who may be new to the Runecast community, this is the level of service that we always strive to provide our customers.
A VMSA was released by VMware (VMSA-2021-0028) in response to the highly critical CVE-2021-44228 vulnerability.
Runecast 18.104.22.168 was released on Sunday, 12 December, to help customers discover VMware products in their environment affected by VMSA-2021-0028.
Log4j is a widely used Java component in thousands of applications and VMware is just one of the vendors whose applications were affected. To help customers discover any Windows and Linux application affected by the log4j vulnerability, Runecast released Log4Shell scanning as part of the brand new proactive OS analysis functionality on 15 December.
Due to the severity and widespread impact of this issue, Runecast is currently offering an assessment of your estate. This includes all applications running on Windows, Linux, VMware, and even Kubernetes on Linux, as stated above.
For Kubernetes, AWS or Azure, this vulnerability affects the application layer (as it did with VMware). If you have workloads like Linux and Windows servers running on these platforms, then Runecast already covers it (with version 22.214.171.124). It’s important to note that Windows and Linux themselves are not affected, but Runecast Analyzer sees deeper and looks at the applications running within those operating systems. What’s more, where the Runecast OS agent is installed on a Linux Kubernetes Node, Runecast Analyzer can see the container processes and detect the Java vulnerability inside.
Where automatic updates are enabled, Runecast customers should already have this VMSA and vulnerabilities covered, with offline updates available through the Runecast customer portal as usual. We strongly recommend updating to the latest Runecast Analyzer version - both to ensure Runecast Analyzer is patched, and also to enable Log4Shell analysis for your VMware, Windows and Linux applications.
For anyone who thought that December would be a quiet month this just proves that security doesn’t have an off switch, and we are once again impressed with the dedication and hard work of our development team to react to critical vulnerabilities like this in such a short time period.
As we are in the early days of the vulnerability being reported we believe that threat actors and cyber criminals will use this vulnerability, which likely means greater harm and risk in the coming days. This is why we move heaven and earth to cover these vulnerabilities as quickly and comprehensively as possible.
This year we as a team have covered a number of VMware Security Advisories and critical security events. Common Vulnerabilities and Exposures (CVEs) like these provide definitions for publicly disclosed cybersecurity vulnerabilities and exposures, and the VMSA provides VMware’s resolution and workaround information. This information is carefully evaluated and parsed by Runecast and our development team to ensure that the critical infrastructure that you rely on, and we protect, is safe as soon as possible.
Runecast 6.0.2 is a monumental release that introduces not only Windows and Linux analysis but dives deeper into the application level, to ensure customers have full protection against critical vulnerabilities.
As always, if you have any questions you can reach out to us via our contact us form or on Twitter with any feedback or questions.
Check your environment for the critical vulnerability in the Apache Log4j Java library.