Deploying the patch without fixing the environment that is compromised is like wearing a condom after you have the STD.
VMware Horizon platform pummeled by Log4j-fueled attacks
VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware. In a report this week, cybersecurity firm Sophos wrote that VMware's virtual desktop and applications platform has been in the crosshairs since late December, …
COMMENTS
Wednesday 30th March 2022 17:58 GMT Anonymous Coward
?? It's a logging daemon that's affected, so the only environmental fix is either install the entire OS from scratch or turn the computer off, neither of which should be needed. Or so I think, as nobody has mentioned malicious patches to an SSH daemon or shell or whatever. Those would normally be caught on update (if the computer is updated), which is why I think they were dropping their own binaries onto the system.
Wednesday 30th March 2022 18:28 GMT Lorribot
This is going to be an ongoing issue
One of the problems this has highlighted is that the disclosure of this vulnerability came after the software was patched but before all the companies that used it were able to test across their own stack and provide the required updates to customers. As such, you are left waiting for software patches from companies scrambling to do testing and releasing half fixes, and thus the window is wide open for being hit by miscreants. VMware suffered badly as their software is external facing by design, so would have high exposure.
Disclosure is a major issue with OSS components like Log4J, as it is only worried about the source developers, not how it is used in the real world, over which they have no control or even knowledge.
On a separate note, it was surprising how many companies said they weren't affected as they shipped with v1, which went out of support in 2016 and has a number of unpatched CVEs against it; v1 is even shipped/installed with SQL 2019, which was released 3 years after the software was end of life, and still gets copied onto drives when you install SQL. Nice one Microsoft.
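As an added illustration of the "we ship v1" point above (this is not code from the thread or from any vendor): a small Python inventory that finds log4j jars inside an application archive and flags 1.x as end-of-life, which is what an operator needs before trusting a vendor's answer. It also recurses into nested jars, which the post does not discuss, since bundled copies inside a vendor library are easy to miss; the sample archive and its version numbers are constructed.

```python
import io
import re
import zipfile

# Matches jar names such as log4j-1.2.17.jar or log4j-core-2.14.1.jar
LOG4J_JAR = re.compile(r"(?:^|/)(log4j(?:-core)?)-(\d+)\.(\d+)(?:\.(\d+))?\.jar$")


def classify(major):
    """Map a log4j major version to a triage label (constructed policy)."""
    if major == 1:
        return "EOL: log4j 1.x, unsupported since 2016, carries unpatched CVEs"
    if major == 2:
        return "CHECK: log4j 2.x, compare version against the vendor advisory"
    return "UNKNOWN"


def scan_archive(data, path=""):
    """Return [(jar_path, version, label)] for log4j jars in a zip/jar/war,
    recursing into nested archives (wars/ears bundling their own log4j)."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            full = f"{path}!/{name}" if path else name
            m = LOG4J_JAR.search(name)
            if m:
                major = int(m.group(2))
                version = ".".join(g for g in m.groups()[1:] if g)
                found.append((full, version, classify(major)))
            if name.endswith((".jar", ".war", ".ear", ".zip")):
                nested = zf.read(name)
                if zipfile.is_zipfile(io.BytesIO(nested)):
                    found.extend(scan_archive(nested, full))
    return found


def build_sample():
    """Constructed sample: a .war bundling log4j 1.x directly plus a vendor
    library jar that itself carries a log4j-core 2.x jar."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for n, d in entries.items():
                zf.writestr(n, d)
        return buf.getvalue()
    inner = make_zip({"lib/log4j-core-2.14.1.jar": make_zip({"x": b""})})
    return make_zip({
        "WEB-INF/lib/log4j-1.2.17.jar": make_zip({"y": b""}),
        "WEB-INF/lib/vendor-lib.jar": inner,
    })


if __name__ == "__main__":
    for hit in scan_archive(build_sample(), "app.war"):
        print(*hit)
```

Point it at real deployment archives by reading the file bytes into scan_archive; a version string alone is not proof of exposure, so the 2.x hits still need the vendor advisory the post complains about waiting for.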