Federal agencies on Friday were ordered by the Department of Homeland Security to investigate and patch systems against the Apache logging library Log4j vulnerability that has been flagged by cybersecurity experts in recent days.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency order calling on agencies to immediately patch their network assets that connect to the Internet or implement other mitigation measures. Federal civilian agencies would have until Dec. 24 to implement the changes, noting the directive “is in response to the active exploitation by multiple threat actors of vulnerabilities found in the widely used Java-based logging package Log4j.”
