Apache Log4J Zero Day Vulnerability Update – 23/12/2021

Apache Log4J Vulnerability Update

What we are doing  

Six Degrees CSOC (Cyber Security Operations Centre) are continually monitoring threat intelligence sources for Apache Log4j vulnerability developments and our Threat Response Team are ready to act as new risks and issues are reported.

Phishing campaigns remain the primary threat to UK organisations due to volume and capability of malware to launch ransomware attacks.  We encourage our clients to continue taking all available steps to protect your organisation from phishing emails.

What we have done 

  • We have successfully actioned the available Log4j workarounds, patching and updates provided by our technology vendors as at 3pm 23 December.

The vulnerable technologies

  • We have completed our review of over 250 technologies to assess their vulnerability to the Log4J threat.
  • Key areas impacted include our Enterprise Cloud Platform (VMWare) and Avaya unified communication

Enterprise Cloud  

    • We have completed the first workaround released by VMWare in relation CVE-2021-44228. *
    • We have completed the second VMWare workaround in relation to CVE-2021-45046. *
    • As soon as a full patch is released, we will be ready to deploy, including over the Christmas period.
      * The Enterprise Cloud workarounds have been completed without notification as they have not required downtime.

Avaya Unified Communication  

    • All relevant Avaya clients have had mitigation applied against the Log4j vulnerability

What you can do  

  • Communicate the need for high security discipline within your organisation to protect against phishing campaigns.
  • Review your entire estate (not just Six Degrees managed) using this list to ascertain if you have vulnerabilities
    https://github.com/NCSC-NL/log4shell/blob/main/software/README.md#m
  • Where you have relationships with vendors, monitor their statements and act accordingly to their recommendations
  • Act on our technical Apache vulnerability advice below
  • Keep up to date with Six Degrees progress via our information hub

What’s next 

We will continue to monitor the situation and provide updates via our Information hub.

Subscribe to the newsletter today

Related posts

New Senior Appointments: ‘Transforming to Scale’

New Senior Appointments: ‘Transforming to Scale’

Six Degrees appoints new Chief Revenue and Chief

Aegis Cyber Security Maturity Assessment

Aegis Cyber Security Maturity Assessment

When you book an Essential Cyber Security Maturity

Want to find out how your cyber security stacks up?

Take our free Cyber Security Maturity Assessment today.