MSP360 Statement On Critical Apache Log4j Vulnerability (cve-2021-44228)
On December 13, 2021, the Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a logging tool included in almost every Java application.
The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. This security vulnerability has a broad impact and is something anyone with an application containing Log4j needs to immediately pay attention to.
This vulnerability does not affect Managed Backup users.