Federal agencies on Friday were ordered by the Department of Homeland Security to investigate and patch systems against the Apache logging library Log4j vulnerability that has been flagged by cybersecurity experts in recent days. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency order calling on agencies to immediately patch their network assets that connect to the Internet or implement other mitigation measures. Federal civilian agencies would have until Dec. 24 to implement the changes, noting the directive “is in response to the active exploitation by multiple threat actors of vulnerabilities found in the widely used Java-based logging package Log4j.” The agency will provide a report in February to the Department of Homeland Security, which oversees CISA, and to the Office of Management and Budget. “CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” CISA’s directive said. “This determination is based on the current …