HTTP Protocol Stack Remote Code Execution Vulnerability

On 11th January 2022 (as part of Patch Tuesday), Microsoft released patches for 97 CVE-numbered vulnerabilities, including a wormable remote code execution vulnerability in Windows Server (CVE-2022-21907). This means an attacker could utilise the HTTP Protocol Stack (http.sys) on a server inside your network to run malicious code without asking for permission first. The vulnerability has … Read more

Apache HTTPD Vulnerability Threat Report

An Apache HTTPD vulnerability may allow an attacker to remotely control an affected system. Apache published information about 2 new vulnerabilities: CVE-2021-44790, a remote code execution (RCE) vulnerability in Apache HTTPD, and CVE-2021-44224, a possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server. … Read more

Apache Log4J Zero Day Vulnerability Update – 23/12/2021

What we are doing: Six Degrees CSOC (Cyber Security Operations Centre) are continually monitoring threat intelligence sources for Apache Log4j vulnerability developments and our Threat Response Team are ready to act as new risks and issues are reported. Phishing campaigns remain the primary threat to UK organisations due to volume and … Read more

Apache Log4J Zero Day Vulnerability Update – 20/12/2021

What we are doing: Six Degrees CSOC (Cyber Security Operations Centre) are continually monitoring threat intelligence sources for Apache Log4j vulnerability developments and our Threat Response Team are closely reviewing vendor statements as they are released. We are reacting to vendor statements where workarounds, patching and updates have been advised. Where downtime is required, customers … Read more

Apache Log4J Zero Day Vulnerability Update – 16/12/21

16/12/2021 – Important Update. CVSS Score: Critical. Executive Summary. Incident response: The management and resolution of this issue remains the highest corporate priority within Six Degrees. A dedicated response team is in place to continue analysing the scale of impact, co-ordinating our response actions and ensuring we deliver a resolution as soon as possible. We … Read more

Apache Log4J Zero Day Vulnerability Update – 14/12/21

Our risk assessment of vulnerable technologies continues, in collaboration with our technology partners and vendors. Our identification of vulnerabilities within our Cloud and Connectivity technologies is considered complete, while investigation continues across our wider portfolio. This allows us to confirm: Connectivity: At present we have reviewed 90% of our core products, with no vulnerabilities identified. Private Cloud: … Read more

Apache Log4J Vulnerability Threat Report

A vulnerability in the Log4J logging library allows an attacker to perform remote code execution and gain complete access to a target system. … Read more

Apache Log4J Zero Day Vulnerability

Executive Summary: A vulnerability in the Log4J logging library allows an unauthenticated attacker to perform remote code execution and gain complete access to a target system via a vulnerable version of the Log4J library. Any application that uses Log4J is potentially affected. Six Degrees is aware of the ongoing situation. We are actively working with … Read more