Tech companies such as Cisco Systems, IBM, VMware, and Splunk are still struggling to install patches that fix the Log4j vulnerability, which was recently discovered by researchers and exploited by attackers.
The Log4j flaw has been fixed by Apache. However, since many programs use the free logger, it is necessary that many organizations also prepare and install patches to prevent takeovers.
This includes other free software and programs from both big and small companies.
Currently, some technology companies, including Cisco are updating guidance several times a day, while confirming vulnerabilities, available patches, or strategies for blocking intrusion when they occur.
Based on observations and companies’ struggles to patch their systems, Kevin Beaumont, security threat analyst, explained: “Lots of vendors are without security patches for this vulnerability. Software vendors need to have better, and public, inventories around open-source software usage so it is easier to assess risk – both for themselves and their customers.”