Dive Brief:
- Amazon Web Services is scrambling to assist customers after security researchers at Palo Alto Networks found severe vulnerabilities in AWS hotpatches that were supposed to protect customers from the Log4Shell vulnerability.
- AWS released a software tool in mid-December designed to patch vulnerabilities found in the Log4j library; however, security researchers at Palo Alto's Unit 42 discovered code vulnerabilities in it that could let attackers break out of a container environment and escalate their privileges.
- After working with Palo Alto researchers for months, Amazon released a new hotpatch earlier this week, Unit 42 said in research released Tuesday. Unit 42 researcher Yuval Avrahami is urging organizations to review their container environments and upgrade to the fixed version. A large number of users may have downloaded the original hotpatches.
Dive Insight:
After the Log4j vulnerability was disclosed in early December, numerous vendors released patches to protect customers against potentially catastrophic cyber intrusions.
The vulnerability was considered critical: it allowed even an unsophisticated threat actor to gain access to a system by entering just a few lines of code, without any authentication.
Amazon released hotpatches designed to monitor for vulnerable Java applications and containers, according to Unit 42 researchers. Each patch was designed for a different environment, including standalone servers, Kubernetes clusters, Elastic Container Service clusters and Fargate.
Researchers said the hotpatches were not just designed for AWS environments but were designed to work in different cloud and on-premises environments.
A spokesperson for AWS said the company would not comment beyond the release of the security bulletin.
Unit 42 researchers found the vulnerabilities soon after AWS released the tools and immediately contacted AWS, working closely with them to issue the remediated patches, according to Avrahami. Unit 42 has no knowledge of active exploitation, but what it discovered is an example of what can happen when security is not properly monitored.
"This highlights the need for security engineers and researchers to continually look for vulnerabilities in container environments," Avrahami said via email. "Container isolation is difficult, and there are always risks involved when developing solutions that interact with customers."
"This balanced the looming threat with the inherent risks of a quickly built hot patch," Mark Nunnikhoven, distinguished cloud strategist at Lacework, said via email. "Those risks are exactly what the researchers found, more vulnerabilities."
Four months have passed since the Log4j project published the permanent patch, Nunnikhoven said, so AWS should have withdrawn the temporary fix once the permanent patch and other mitigation measures were underway.
"Any time there's a looming threat, security teams need to balance the risks of each mitigation they deploy," Nunnikhoven said. "In this case, the new research highlights the need for a strong follow-up process after an incident response."