By now, most of you will be aware of the recently disclosed vulnerability in a commonly used Java-based logging package called Log4J. The disclosure was made on 9th December, and since then, we’ve been working with our partners and vendors to identify affected systems.
For our fully managed clients, we’re performing a full scan of their infrastructure to search for the vulnerabilities and implement a simple fix for affected machines using our Remote Management and Monitoring (RMM) tools. Further to this, as we detect vulnerable devices we will take steps to permanently remediate them with software patches and updates as they become available.
Along side this we’ve been compiling a list of vendors and partners security statements that we are closely monitoring and keeping track of. This helps us identify products with known vulnerabilities and alerts us as and when patches and updates become available.
We’re finding that the vast majority of standard business laptops and desktops with standard software installed are not affected.
Below is a list of a few reputable websites with information to explain the vulnerability in more detail:
https://www.bbc.co.uk/news/technology-59638308
https://www.wired.com/story/log4j-log4shell/
https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/
https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/
https://isc.sans.edu/diary/28120
If you have any concerns on how the Log4Shell vulnerability might affect your company, then please contact us on 01993 880 980 for more information.
Finally, if you and not currently a Kriston Technology customer, and think your business deserves better IT support, then call Kriston Technology on 01993 880 980, or sign up for our Free IT Health Check.
Stay safe,
The Kriston Technology Team
Comments are closed