{"id":7496,"date":"2022-04-22T20:09:30","date_gmt":"2022-04-22T20:09:30","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=7496"},"modified":"2022-04-22T20:12:14","modified_gmt":"2022-04-22T20:12:14","slug":"amazon-patch-for-log4shell","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/amazon-patch-for-log4shell\/","title":{"rendered":"Amazon Patch for Log4Shell allowed privilege escalation"},"content":{"rendered":"

Palo Alto Networks warns that a patch released by Amazon to protect AWS from high-profile issues in Apache Log4j, including the Log4Shell vulnerability, poses a threat to users.<\/h4>\n

The patch can be used to escape the container and escalate privileges, allowing an attacker to take control of the underlying host.<\/p>\n

Let me remind you that in December last year, shortly after cybersecurity researchers alarmed about problems in Apache Log4j<\/strong>, Amazon released emergency patches<\/a> that fix bugs in various environments, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate. The purpose of hotpatches was to quickly fix vulnerabilities while system administrators transited their applications and services to a secure version of Log4j<\/strong>.<\/p>\n

Let me also remind you that soon after the discovery of vulnerabilities, real attacks on the Log4Shell<\/strong> were recorded<\/a>. Moreover, the experts also found out that the Chinese hack group Aquatic Panda<\/strong> exploits Log4Shell to hack educational institutions<\/a>.<\/p>\n

However, as Palo Alto Networks<\/strong> has now found out, the patches were not very successful and could, among other things, lead to the capture of other containers and client applications on the host.<\/p>\n

In addition to containers, unprivileged processes can use a patch to elevate privileges and execute code as root.experts say.<\/a><\/span><\/div><\/div>\n