Although VMware released a patch for its Horizon servers in December, many users have not yet updated their systems, leaving them at risk of a Log4j exploit attack. Recently, an initial access broker group dubbed Prophet Spider has been spotted abusing the Log4j vulnerability to gain access to victim networks. But that's not all: Log4j continues to be seen as the main vulnerability abused in malware infections, crypto mining and more. The UK's National Health Service (NHS) warned last month that hackers were attempting to exploit a Log4j vulnerability in VMware Horizon servers to establish web shells, allowing attackers to distribute malware and ransomware, steal sensitive information, and carry out other malicious attacks.

 

Patch your servers

As stated by a VMware spokesperson, VMware Horizon products remain vulnerable to critical Apache Log4j/Log4Shell vulnerabilities unless properly patched or mitigated using the patch VMSA 2021-0028, which was first published on Dec. 10, 2021. The patch, published in the VMware security advisory, is updated regularly with new information.

 

Block Log4j Attacks

At ThreatSTOP, we are fully committed to creating the absolute best protection for our users. We block threats from the most basic to the most advanced, solidly protecting our users' networks - both ways. Whether an attacker is trying to penetrate the network from the outside, or call home from inside a compromised network, the ThreatSTOP platform blocks their traffic at both the IP and domain level.

In addition to our 900+ threat intelligence feeds, we have added a new Log4j ThreatSTOP-curated feed with the latest indicators of compromise (IOCs) to ensure two-way protection from attacks using these vulnerabilities.

 

If you are a ThreatSTOP customer, add the Log4j IP and domain targets to your policy to get instant protection from this threat.

Not a ThreatSTOP user and want to try us out? Grab a demo to see the quick, immensely positive impact on your network security.
