The US Cybersecurity and Infrastructure Security Agency (CISA) issued a statement ordering all civilian federal agencies to patch the Log4j vulnerability, along with three others, by December 24. The agency added the flaw to its Known Exploited Vulnerabilities Catalog and created a new landing page for all content regarding the vulnerability. CISA is providing insight to organizations alongside the Joint Cyber Defense Collaborative, which includes several cybersecurity companies. Other vulnerabilities that civilian federal agencies must patch by December 24 include the Zoho Desktop Central Authentication Bypass vulnerability, the Fortinet FortiOS Arbitrary File Download flaw, and the Realtek Jungle SDK Remote Code Execution vulnerability.
The Log4j vulnerability is currently being widely exploited by a growing number of threat actors, prompting government officials to take action. The flaw presents a high threat to companies given its broad use and active exploitation. Bugcrowd CTO Casey Ellis stated that the remediation deadlines were beneficial to all companies; however, they may be nearly impossible for some organizations.
Read More: CISA orders federal civilian agencies to patch Log4j vulnerability and 12 others by December 24