Log4J Vulnerability Explained
The Log4j vulnerability exposed hundreds of thousands of systems to attack in December 2021. Now, nearly a year later, here’s where we are.
This article was originally published on Built In.
Introduction — What Is a Zero-Day Vulnerability?
Last December, one of the technology industry’s most serious zero-day vulnerabilities was discovered: Log4j. What exactly is a zero-day vulnerability? A zero-day is defined as a vulnerability that’s been disclosed but has no corresponding security fix or patch. This puts all systems and applications where the vulnerability is present at risk due to the lack of remediation for the weakness.
We can compare it to a scenario where your car’s door-locking mechanism stops working, but the car dealer doesn’t have a way to resolve the issue. This puts your car at risk of being stolen since you have no ability to lock the doors.
Log4j was discovered on December 9, 2021, leaving many cybersecurity professionals working 40-plus hour weeks through the end of the year to assess their environments and coordinate remediation efforts across their organizations. It’s also one that left many other people asking, “What’s the big deal? New zero-days are…
