We wanted to post an update on the Log4j remote code execution (RCE) vulnerability that was publicly disclosed last week. This post is a summary of an email that we sent to our customers. If you are interested in our managed vulnerability management service, be sure to contact us.

First, we wanted to make sure you were aware of this issue if you weren’t already, and second, to provide you with a list of actionable steps to make sure that you are protected.

Log4j is a popular Java-based logging framework, and any system or application that utilizes Java is potentially impacted. Unfortunately, many embedded systems and appliances utilize Java without any outward indication of its use, so you could have devices or systems utilizing Log4j and not be aware that they are impacted. We therefore recommend the following:

  1. Scan external and internal systems for potential exposure
  2. Review the list of impacted vendors to determine your exposure
    1. https://github.com/NCSC-NL/log4shell/tree/main/software
  3. Plan and execute patching process for vulnerable systems
  4. Verify security devices and software are up to date with signatures to block the attacks
    1. https://www.fortinet.com/blog/psirt-blogs/apache-log4j-vulnerability
    2. https://security.paloaltonetworks.com/CVE-2021-44228
    3. https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html
    4. https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/
  5. Verify monitoring processes are working and able to detect attacks
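
For step 1 on hosts you can log in to, one way to find Log4j copies that give no outward indication is to look inside Java archives for the `JndiLookup` class, including archives bundled inside other archives. This is an added example, not part of the original email or any vendor's tool; the function names, the size limit and the sample archive with its `0.0.0-sample` version are constructed for illustration.

```python
import io, os, re, zipfile

# log4j-core class that performs JNDI lookups; endswith() also catches shaded/relocated copies.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_SUFFIX = "log4j-core/pom.properties"   # Maven metadata that carries the version
ARCHIVES = (".jar", ".war", ".ear", ".zip")
MAX_NESTED = 200 * 1024 * 1024             # skip oversized nested entries (assumed limit)

def scan_archive(data, label, depth=0, max_depth=5):
    """Return [(location, version_or_None)] for each archive layer holding JndiLookup.class."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                          # not a readable archive
    hits = []
    with zf:
        names = zf.namelist()
        if any(n.endswith(JNDI_CLASS) for n in names):
            pom = next((n for n in names if n.endswith(POM_SUFFIX)), None)
            text = zf.read(pom).decode("utf-8", "replace") if pom else ""
            m = re.search(r"^version=(.+)$", text, re.M)
            hits.append((label, m.group(1).strip() if m else None))
        for info in zf.infolist():
            nested = info.filename.lower().endswith(ARCHIVES)
            if nested and depth < max_depth and info.file_size <= MAX_NESTED:
                inner = f"{label}!/{info.filename}"
                hits += scan_archive(zf.read(info), inner, depth + 1, max_depth)
    return hits

def scan_tree(root):
    # Walk a directory and scan every Java archive found under it.
    hits = []
    for dirpath, _, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files if f.lower().endswith(ARCHIVES)):
            try:
                with open(path, "rb") as fh:
                    hits += scan_archive(fh.read(), path)
            except OSError:
                continue                   # unreadable file, move on
    return hits

def build_sample():
    """Constructed sample: an application JAR bundling a stub log4j-core JAR (no real code)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(JNDI_CLASS, b"")
        z.writestr("META-INF/maven/org.apache.logging.log4j/" + POM_SUFFIX, "version=0.0.0-sample\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core-sample.jar", inner.getvalue())
    return outer.getvalue()
```

Each hit gives the archive path (with `!/` marking a nested archive) and the bundled version to compare against the vendor guidance in step 2; appliances you cannot log in to still need the network scan and vendor list.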

Pinpoint is here to help. If you have any questions about this attack or believe you are impacted, please reach out to us.