Log4j Vulnerability Notice

December 15, 2021

Last week, a vulnerability, tracked by CVE-2021-44228, was found in Apache Log4j, a Java-based logging library that is widely used in application development and directly embedded in software applications. If exploited, the vulnerability allows remote code execution against Java applications using Log4j.

While the vulnerability is determined to be severe in nature, a patch for the exploit has been released. We strongly encourage organizations to take the steps necessary to quickly identify, mitigate, and patch affected products and applications using Log4j.

We recommend referring to the guidance outlined by CISA, as well as reviewing the security notices published by Cisco and Microsoft.

As a Gold Cisco Partner, Microsoft Cloud Solution Provider, and Azure Expert MSP, Core BTS remains committed to our client’s business and IT security. Our team is actively mitigating risk for client organizations by doing the following:

  • Working directly with impacted clients to patch custom applications that use Log4j
  • Closely monitoring third party applications and web services on behalf of Managed Services clients
  • Using best practices and tools to manage, monitor, detect, and respond to malicious activity
  • Verifying compliance with Cisco and Microsoft security requirements

We strongly encourage all organizations to quickly identify, mitigate, and patch affected products and applications using Log4j.

If you need help implementing risk mitigations, hardening your environment, or investigating suspicious behavior, our team is standing by to help.

Subscribe to our Newsletter

Stay informed on the latest technology news and trends

Relevant Insights

Cybersecurity Myth Busted: We’ll Just Pay the Ransom

When organizations downplay security by claiming they’ll “just pay the ransom to make it go away”, they’re assuming that cyber...

9 New Updates to Microsoft Teams | January 2022

Welcome to 2022 and another new year of new Teams features. This month is stacked with Microsoft Teams Meeting enhancements...

Cybersecurity Myth Busted: We’re Not a Target

Every organization has some type of value to attackers. There's a monetary or intellectual gain that every organization can provide...