Last week, a vulnerability, tracked by CVE-2021-44228, was found in Apache Log4j, a Java-based logging library that is widely used in application development and directly embedded in software applications. If exploited, the vulnerability allows remote code execution against Java applications using Log4j.
While the vulnerability is determined to be severe in nature, a patch for the exploit has been released. We strongly encourage organizations to take the steps necessary to quickly identify, mitigate, and patch affected products and applications using Log4j.
We recommend referring to the guidance outlined by CISA, as well as reviewing the security notices published by Cisco and Microsoft.
As a Gold Cisco Partner, Microsoft Cloud Solution Provider, and Azure Expert MSP, Core BTS remains committed to our client’s business and IT security. Our team is actively mitigating risk for client organizations by doing the following:
- Working directly with impacted clients to patch custom applications that use Log4j
- Closely monitoring third party applications and web services on behalf of Managed Services clients
- Using best practices and tools to manage, monitor, detect, and respond to malicious activity
- Verifying compliance with Cisco and Microsoft security requirements
We strongly encourage all organizations to quickly identify, mitigate, and patch affected products and applications using Log4j.
If you need help implementing risk mitigations, hardening your environment, or investigating suspicious behavior, our team is standing by to help.