Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

Microsoft has issued a warning regarding the increasing threat of attacks exploiting the recently discovered vulnerabilities in the Apache Log4j logging framework. The company has reportedly observed a surge in scanning activity and attempted exploitation targeting these flaws. Microsoft stressed the importance of customers assuming the broad availability of exploit code and scanning capabilities, as a real and dangerous threat. Apache Log4j, a widely used open source logging component, is present in almost every environment where a Java app is used.