Log4Shell – Update #2

Security Advisory Nickname: Log4Shell

Security Advisory Name: CVE-2021-44228

Security Advisory Update Number: 2

Security Advisory Link(s): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228, https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Security Advisory Severity: CRITICAL

What has changed since the last update?

A new 2.16.0+ version of log4j, https://logging.apache.org/log4j/2.x/download.html, has been released by Apache and it should be used instead of the previously released 2.15.0 (mostly applicable to Java software developers)

No other major new developments have occurred with the vulnerability nor have any related vulnerabilities been found

Sysoft has proactively patched all the VMWare installations that we manage on behalf of our clients

Sysoft has deployed a workaround to every current and future device that we manage in our RMM (Remote Monitoring and Management) tool that mitigates the vulnerability

Sysoft still recommends that you aggressively update all your software as patches or updates become available from vendors.

Do you have any helpful links to additional resources?

Please be advised that the following information is for those with a technical background and may not be of interest to everyone nor necessary. We want to ensure that everyone regardless of your expertise has the appropriate information on hand to potentially deal with the vulnerability beyond the efforts Sysoft has undertaken.

Datto has released a community tool on GitHub that anyone or any organization can use to assist with their efforts, https://github.com/datto/log4shell-tool

If you want to know how to test for the vulnerability in your software then this may help, https://log4shell.huntress.com/

If you want an in-depth article about the Log4Shell with workarounds (including Linux installations) then this may help, https://news.sophos.com/en-us/category/serious-security/

An interesting solution was discovered which turns the vulnerability against itself to create a “vaccine” of sorts, https://github.com/Cybereason/Logout4Shell

What can you expect next?

Any important updates concerning the vulnerability

Sysoft will provide a list of major vendors and their software including others that some of our clients have inquired about in our next update

Sysoft is investigating a tool that can identify potential traces of exposure and we are looking to run it after hours because it can reduce the performance of devices while scanning

A note on any additional efforts that we will be undertaking to assist

Who do I contact to discuss this vulnerability?

If you have any questions, comments, or concerns about this security advisory then we would ask that you give us a call at (416) 410-7268 or create a ticket by sending an email to support@sysoft.ca. Depending on your request we are also happy to setup an appointment with you to discuss this vulnerability further given its potential impact.