Log4j Software Vulnerability Expected to Persist, Possibly for Months


A flaw in a widely used piece of free internet software is prompting companies to rush to update their systems and prevent cyberattacks, but the technology’s ubiquity means the threat could affect businesses for months, security researchers say.

Corporate security executives say they hurried over the weekend to assess whether and how their computer networks use the software, Log4j, while waiting for vendors to disclose the risk to their own technologies and issue software updates to mitigate the threat. The bug was disclosed Thursday.

Log4j is used on computer servers to keep records of users’ activities so they can be reviewed later by security or software development teams. The nonprofit Apache Software Foundation, a group that distributes the open-source tool at no cost, has said it has been downloaded millions of times.