Skip to content

Log4j zero-day vulnerability

Here's what you need to know about CVE-2021-44228, or Log4Shell, and what you can do about it.

Your organization’s IT environment could be at risk.

First reported on December 9, 2021, the Apache Log4j vulnerability is one of the most serious vulnerabilities on the internet in recent years, putting millions of devices at risk. Here’s what you need to know.


It could be on any device

Log4j is widely used on Windows, Linux, Mac, IoT, home devices, etc.


It could be anywhere on disk

Log4j is commonly renamed and repackaged, meaning the vulnerability can be present anywhere.


It is exploited in real time

Log4j has been targeted in 800,000+ attacks within 72 hours of the vulnerability publication.


It could cost you

The Federal Trade Commission plans to pursue companies who don't remedy the Log4j vulnerability.


CVSS score


Cyberattack attempts within first 72 hours of vulnerability publication


Exploits per second, according to Cloudflare

"One of the most serious [vulnerabilities of my] entire career. If not the most serious. . . We expect the vulnerability to be widely exploited by sophisticated actors, and we have limited time to take necessary steps in order to reduce the likelihood of damage." — Jen Easterly, CISA Director

Quickly find and fix your Log4j exposure

Watch this 4-minute video to learn more about this vulnerability and how Tanium can help customers and partners identify, investigate and remediate it.

Know everything now

Enable your IT team to quickly identify vulnerable instances of the Apache Log4j utility, search for references to the impacted library in common file formats and detect instances of exploitation.

Fix it fast

Upon detection, triage and promptly remediate exposure to the Log4j vulnerability by notifying application owners, applying recommended patches or conducting deeper investigation.

Take control

Keep Log4j — and yet-to-be-discovered vulnerabilities — at bay by continuously enforcing compliance through managing patches, software updates and configurations at scale.

Black RingPower logo

“Tanium Reveal has been critical to us in responding to Log4j. Nobody else was able to search for references to the impacted library in common file formats and detect instances of exploitation. With Tanium, we accomplished in 30 minutes what would have taken months.”

Kevin Bush VP of IT Ring Power Corp.

“Much to our surprise, Tanium made us aware of many endpoints that were vulnerable to Log4j through user-installed tools and applications we weren’t aware of. Additionally, it helped us identify servers and appliances that had embedded Apache which may have otherwise been overlooked or left unprotected.”

Steven Blankenship Director of IT Salisbury University

“Tanium is quickly becoming our most indispensable tool for operations. It has answers for questions in real time, that without Tanium we would be scrambling to figure out. The ability to gather information, expose and remediate vulnerabilities quickly like Log4j has been invaluable. It’s given us confidence that our organization is secure.”

Jerry Delgado IT Director of Infrastructure & Security United Automobile Insurance Company

Think you're exposed?

We can help. Tanium can quickly find vulnerable instances, identify signs of exploitation, and mitigate or patch those instances. Try Tanium free today or watch our webinar to learn more.

Good enough isn't good enough when it comes to Log4j

Tanium can help you scan, search and hunt down Log4j exposure you didn't even know existed. These modules give you a starting point, narrow down the search and pinpoint exact locations of Log4j.

Read our full guidance


Included with Tanium Core

What is it?

List of applications installed in plain sight on your endpoints

What does it do?

Great for understanding the IT estate, counting software licenses and serving as a starting point for your Log4j hunt

Why does it matter?

Immediately gain visibility into your IT environment


Included with Threat Response

What is it?

List of unique filenames and folders on your endpoints

What does it do?

Great for searching known file names and hashes and locating the paths of those files

Why does it matter?

Search deeper and quickly find Log4j by name in known file folders


What is it?

Indexed search of every folder, file and its contents

What does it do?

Great for uncovering hidden instances of Log4j. Reveal can spot traces of Log4j inside nested or renamed files and archived folders (e.g., .jar, .zip, etc.) as well as references to Log4j inside file content

Why does it matter?

Log4j has nowhere to hide even when a file name has been changed — maliciously or by design