14 Dec Log4j2 vulnerability (Apache systems and Java-based logging)
If you haven’t already heard in the media, a critical and widespread vulnerability was disclosed on Friday 10 December 2021 in relation to a Log4j2 vulnerability commonly used in Apache systems and java-based logging. The vulnerability allows for remote code execution.
ACSC have listed the alert as critical, and ABC Australia have quoted “The flaw is described as the most critical vulnerability of the past decade and possibly in the history of modern computing”
Synergise IT have already passed all its internal systems that supply services to our clients such as Anti-Malware and Patching. At this stage we are confident we are protected but more information will come to light over the next few days and weeks. We are closely monitoring this condition and treating it as priority 1 critical.
What you need to do
What we cannot action and confirm is how your Line of Business providers are responding and protecting you and we urge you to contact all software and hardware vendors that supply direct to you as a matter of urgency. This should also include your website developer. Feel free to use the template provided below.
Some articles referencing the critical vulnerability below:
https://www.abc.net.au/news/2021-12-11/log4shell-techs-race-to-fix-software-flaw/100692876
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
As always, we are happy to answer any questions you may have.
Template for your provider:
Hi, no doubt you have already heard about the Log4j2 security vulnerability. As a matter of urgency, can you please advise if any systems you supply the business are exposed, and if so what remediation is required and when can it be complete. This is an extremely serious vulnerability, and we need your assurance, or actions, that our business is not exposed by any software, hardware or services you provide our business.