Log4Shell remediation challenges continue

Seventy-two percent of organizations continue to face challenges in completely remediating the critical Log4Shell flaw, tracked as CVE-2021-44228, which was identified last December, SecurityWeek reports. While the rate of corporate assets vulnerable to Log4Shell dropped from 10% in December 2021 to only 2.5% in October, 29% of the vulnerable assets were found to have Log4Shell recurrence following total remediation, according to Tenable telemetry data. The findings also showed that full Log4Shell remediation has increased by 14 percentage points among organizations around the world. "Full remediation is very difficult to achieve for a vulnerability that is so pervasive and its important to keep in mind that vulnerability remediation is not a 'one and done' process," said Tenable Chief Security Officer Bob Huber, who added that while complete Log4Shell remediation was achieved by organizations at some point, the vulnerability has persisted due to the continued addition of new assets to their corporate environments.