Log4j: Getting From Stopgap Remedies to Long-Term Solutions


The worst of Log4Shell may be behind us, and although much work remains, let’s say “Well done” to the security engineers and managers who labored in the trenches in recent weeks. But if you thought the Log4j vulnerability was last year’s problem, think again. In 2022, this vulnerability will require care and attention to fully remediate and to detect its permutations.

Log4j fears centered on the pervasive use of the Java logging library and how easily an unauthenticated attacker could leverage the exploit for remote code execution (RCE). We have implemented updated configurations, and feel prepared to mitigate the suite of Log4j exploits — for now. However, permutations of this exploit are already emerging and long-term solutions involving full upgrades to core infrastructure are likely pending at your organization.
