Log4j advisory – December 2021
You may have seen reports in the press about a new, extremely severe Java vulnerability called Log4j that can affect all Windows computers, including fileservers, laptops and PCs. It has put some of the biggest services in the world, such as Amazon, Twitter, and Apple iCloud, at risk. (Articles here: Microsoft and National Cyber Security Centre (NCSC))
The vulnerability is serious because it could allow hackers to control Java-based programs and launch what are called ‘remote code execution’ (RCE) attacks. In simple terms, the vulnerability could allow a hacker to take control of a system that is visible from the Internet.
A list of software known (so far) to be affected is available at https://github.com/NCSC-NL/log4shell/tree/main/software, although this is subject to change. We have already been in contact with the customers we know could be affected by this. If your fileservers are monitored by us, we are also checking them right now for the affected Java programs.
Our Technical Director Andrew Charlesworth advised, “This is a quickly-changing situation and we are keeping a close watch on developments. If your business runs SAP, Nutanix, Red Hat or Fortinet software, please contact us immediately and we will arrange for the latest security patches and updates to be installed.”