Log4Shell – Update #2
- Security Advisory Nickname: Log4Shell
- Security Advisory Name: CVE-2021-44228
- Security Advisory Update Number: 2
- Security Advisory Link(s): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228, https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- Security Advisory Severity: CRITICAL
What has changed since the last update?
- Apache has released a new 2.16.0+ version of log4j, https://logging.apache.org/log4j/2.x/download.html, and it should be used instead of the previously released 2.15.0 (mostly applicable to Java software developers)
- No other major new developments have occurred with the vulnerability nor have any related vulnerabilities been found
- Sysoft has proactively patched all the VMware installations that we manage on behalf of our clients
- Sysoft has deployed a workaround to every current and future device that we manage in our RMM (Remote Monitoring and Management) tool that mitigates the vulnerability
- Sysoft still recommends that you aggressively update all your software as patches or updates become available from vendors.
Do you have any helpful links to additional resources?
Please be advised that the following information is intended for those with a technical background; it may not be of interest to everyone, nor is it necessary reading. We want to ensure that everyone, regardless of expertise, has the appropriate information on hand to potentially deal with the vulnerability beyond the efforts Sysoft has undertaken.
- Datto has released a community tool on GitHub that anyone or any organization can use to assist with their efforts, https://github.com/datto/log4shell-tool
- If you want to know how to test for the vulnerability in your software, this may help: https://log4shell.huntress.com/
- If you want an in-depth article about Log4Shell with workarounds (including Linux installations), this may help: https://news.sophos.com/en-us/category/serious-security/
- An interesting solution was discovered which turns the vulnerability against itself to create a “vaccine” of sorts, https://github.com/Cybereason/Logout4Shell
What can you expect next?
- Any important updates concerning the vulnerability
- In our next update, Sysoft will provide a list of major vendors and their software, including others that some of our clients have inquired about
- Sysoft is investigating a tool that can identify potential traces of exposure; we are looking to run it after hours because it can reduce the performance of devices while scanning
- A note on any additional efforts that we will be undertaking to assist
Who do I contact to discuss this vulnerability?
If you have any questions, comments, or concerns about this security advisory, we ask that you give us a call at (416) 410-7268 or create a ticket by sending an email to support@sysoft.ca. Depending on your request, we are also happy to set up an appointment with you to discuss this vulnerability further given its potential impact.