Vulnerability detected in Java logging library Apache Log4j can result in full server takeover. Security firm Cybereason says it has developed and released an urgent “vaccine” for the easily exploitable flaw. The fix just disables the vulnerability and allows users to remain protected while they assess and update their servers. Cloud applications, including those widely used across the enterprise, also remain vulnerable. Experts recommend that users update immediately to the latest version to permanently remediate the vulnerability. Security expert: “It’s difficult to patch and because many organizations don’t even realize they have the vulnerable library they may not be thinking about patching””]
Source: https://www.cuinfosecurity.com/log4j-vaccine-released-for-exploited-apache-zero-day-a-18105