Log4j Attack Surface Remains Massive

Over four months after a critical remote code execution vulnerability in the Apache Log4j logging tool was disclosed, attackers can still exploit tens of thousands of targets. Rezilion found more than 90,000 Internet-exposed servers running the vulnerable software in a recent scan, but this is likely to be a small fraction of potential targets as it doesn’t factor in internal network servers and servers running proprietary applications. Security experts have urged organizations to install the updated, fixed version of the software.