16/12/2021 – Important Update
CVSS Score Critical
The management and resolution of this issue remains the highest corporate priority within Six Degrees. A dedicated response team is in place to continue analysing the scale of impact, co-ordinating our response actions and ensuring we deliver a resolution as soon as possible.
We are making progress
- We have reviewed over 250 technologies that form part of our service offering
- We have begun implementing vendor workarounds on technologies that have been identified as vulnerable, which provides partial mitigation
- We are reliant on the vendor providing patches to provide full mitigation. As soon as these are released, we will be scheduling patching and providing an update
We are not complacent
We know that the security of your digital estate and data is invaluable to any modern business. For this reason, we will not rest until we have absolute clarity on the status of all technologies and that we have patched these in line with vendor guidance. We are also ensuring our core security infrastructure provides as much protection as possible to any exposed technology and using our own security expertise to ensure we leave no stone unturned.
The NCSC (National Cyber Security Centre) reports that scanning and attempted exploitation are being detected globally, including in the UK. Six Degrees’ CSOC will continue to monitor such attacks for our supported customers.
A detailed list of software that has been confirmed as vulnerable and those that are currently under investigation may be found in point 4.
To assist further we have shared some links below that may be beneficial while carrying out research across your technology space and with all your providers.