CISA has issued an emergency GOVT directive for LOG4J zero-day exploits circulating actively in the wild on unpatched Apache servers

CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities | CISA

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities | CISA

CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability, directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228.  Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations review ED 22-02 for mitigation guidance. For additional details, see CISA’s webpage Apache Log4j Vulnerability Guidance.