Apache Log4J Zero Day Vulnerability Update – 23/12/2021

Home » Company updates » Apache Log4J Zero Day Vulnerability Update – 23/12/2021

Apache Log4J Vulnerability Update

What we are doing

Six Degrees CSOC (Cyber Security Operations Centre) are continually monitoring threat intelligence sources for Apache Log4j vulnerability developments and our Threat Response Team are ready to act as new risks and issues are reported.

Phishing campaigns remain the primary threat to UK organisations due to volume and capability of malware to launch ransomware attacks. We encourage our clients to continue taking all available steps to protect your organisation from phishing emails.

What we have done

We have successfully actioned the available Log4j workarounds, patching and updates provided by our technology vendors as at 3pm 23 December.

The vulnerable technologies

We have completed our review of over 250 technologies to assess their vulnerability to the Log4J threat.
Key areas impacted include our Enterprise Cloud Platform (VMWare) and Avaya unified communication

Enterprise Cloud

- We have completed the first workaround released by VMWare in relation CVE-2021-44228. *
- We have completed the second VMWare workaround in relation to CVE-2021-45046. *
- As soon as a full patch is released, we will be ready to deploy, including over the Christmas period.
  * The Enterprise Cloud workarounds have been completed without notification as they have not required downtime.

Avaya Unified Communication

- All relevant Avaya clients have had mitigation applied against the Log4j vulnerability

What you can do

Communicate the need for high security discipline within your organisation to protect against phishing campaigns.
Review your entire estate (not just Six Degrees managed) using this list to ascertain if you have vulnerabilities
https://github.com/NCSC-NL/log4shell/blob/main/software/README.md#m
Where you have relationships with vendors, monitor their statements and act accordingly to their recommendations
Act on our technical Apache vulnerability advice below
Keep up to date with Six Degrees progress via our information hub

What’s next

We will continue to monitor the situation and provide updates via our Information hub.

Subscribe to the newsletter today

New Senior Appointments: ‘Transforming to Scale’

Six Degrees appoints new Chief Revenue and Chief…

Find out more

Cyber Security Maturity Assessment

Fortify your organisation’s security posture by evaluating your…

Find out more

Like this article?

Company No.:	03036806
VAT No.:	135526617
Tel:	0800 012 8060
Tel:	+44(0)20 7858 4000
Email:	info@6dg.co.uk

Six Degrees, Commodity Quay,
St Katharine Docks,
London, E1W 1AZ

Capabilities

Resource Hub

Privacy Overview

More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.

Necessary

Always Enabled

Non-necessary

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_cfuvid	session	Cloudflare allows the Cloudflare WAF to distinguish individual users who share the same IP address.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Performance

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-26222241-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
ln_or	1 day	LinkedIn registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
lo-uid	2 years	Lucky Orange to provide marketing tracking unique id
lo-visits	2 years	Lucky Orange to provide marketing tracking across pages
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.

Others