A vulnerability in Log4j, a humble but widespread piece of software, has put millions of computers at risk. SOPA Images/LightRocket via Getty ImagesLog4Shell, an internet vulnerability that ...

What Can I Do? The Log4j exploit is just one of many security holes being exploited by bad actors. The CISA’s exploited vulnerabilities catalog lists 20 found in December alone.

What does Log4j do? Log4j records events - errors and routine system operations - and communicates diagnostic messages about them to system administrators and users.

Log4j is everywhere One of the major concerns about Log4Shell is Log4j’s position in the software ecosystem. Logging is a fundamental feature of most software, which makes Log4j very widespread.

DAN HOWLEY: So really, the big risk is that LOG4J is used basically across the entire internet. And the reason why this is a problem is because of how the software can be exploited.

Detected in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics.

A vulnerability in Log4j, a humble but widespread piece of software, has put millions of computers at risk.

Log4j is a programming code written in Java and created by volunteers within the Apache Software Foundation to run across a handful of platforms: Apple's macOS, Windows and Linux.

NSCS warns that the Log4j flaw won't be fixed overnight and that defenders could suffer burnout during the process.