Skip to page content
Client Hub Tel 01892 830111

Log4J vulnerability: What it is and what to do about it

By Russell Gower-Leech, Cybersecurity Manager | Published 15 Dec 2021

There have been some interesting developments in the security world over the last few days which we wanted to make you aware of. A recent vulnerability was published in a Java based log processing tool (Log4J or Log4Shell) which has been assigned the highest severity rating.

This vulnerability was detected in November by the Alibaba Security Team and shared with the vendor, Apache Foundation. Since then, they have both worked to fix the issue before it became public knowledge.

Why is the rate so high?  

This vulnerability allows Remote Code Execution (RCE), this means the bad guys can potentially trick apps into running malicious code on those systems.

What does this mean for me?

Unfortunately, the Java Log4j tool is used in a huge number of applications globally, including MineCraft, Apple iCloud and Amazon Web Services (AWS). Generally, cloud service providers have already mitigated or patched this issue, but it is highly likely that on-premise applications are still vulnerable.

What happens next?

We recommend your internal IT team(s) contact your application vendors to confirm if any of the tools they provide you are affected. Whilst it is likely that your application vendors will contact you directly to advise you if you are affected, many are still investigating their products so no news may not equal good news.

As an example, we are aware that Unifi Controllers are affected and that Ubiquity has released a patch as part of the latest version of their controller software.

If you need help implementing any patches or changes advised by your vendors please feel free to reach out to us at security@select-technology.co.uk

It is certain that in the upcoming days and weeks you will start to see your devices and computers start to ask you to perform updates, also known as patching, and it is vital that you perform these as soon as possible.

Would you like to know more about the Log4J vulnerability?


Share this post
Case Studies

Success Stories

Taking Locate in Kent to the next level by migrating to the cloud and implementing Microsoft 365

Cottage Farms

Full Wi-Fi coverage was needed in the new Cold Store to maximise productivity. We came to the rescue

Revolution Events

Revolution Events has been working with Select Technology for nearly 10 years, find out how we have supported their IT needs.

Accreditations

Partner Accreditations and Certifications

Contact us

Get in touch with us