The White House ordered Commerce and Homeland Security to examine weak spots in how the IT and communications industries produce hardware and software.
Potential intruders are still scanning for the bug every day, but the company says many vendors have been on top of fixing vulnerable instances of Log4j software.
The joint agencies "assess that exploitation of these vulnerabilities, especially Log4Shell, is likely to increase and continue over an extended period."