What Is the Log4J Vulnerability?

By Sophie Van Remortel | Digital Marketing & Content Coordinator

 

 

Log4J is a free and open-source logging library widely used by companies large and small. Officially designated CVE-2021-44228, the 0-day vulnerability was first publicly disclosed on December 9th, 2021. Bitdefender researchers stated that exploitation of the bug allows cybercriminals to “download and run scripts on targeted servers, leaving them open to complete remote control.” Meaning that attackers can remotely exploit it without any input from the victim, and it doesn’t require high-level technical expertise to pull off. For these reasons, the Log4J Vulnerability has received the highest severity rating on the Common Vulnerability Scoring System Scale – a 10/10. 

While emergency patches and updates started being issued almost immediately, experts fear that this is just the beginning as a second vulnerability (CVE-2021-45046) has already been discovered. So what is SWICKtech doing to help mitigate risks? 

 

  1. SWICKtech reviewed managed FortiGate firewalls for all contracted agreement clients. Where necessary, security patches that were released by manufacturers were updated. The patches allow for the firewalls to scan for the vulnerability and help stop them at the network level. Applications and ERP systems that use Log4j are being reviewed by many vendors in response. It is critical organizations keep a watchful eye out for any correspondence for direction from software vendors to update software versions or suggestions to limit exposure to the vulnerability. Should you or your employees receive notes from a software vendor in response to Log4j, please forward to helpdesk@SWICKtech.com and our SWICKtech  Security and Operations Center (SOC) will review.  

  1. SWICKtech SOC has reviewed all SWICKtech software on customer systems for this vulnerability to ensure there are no issues. In addition, our detection and prevention systems are already updated to detect any issues if they arise. 

 

As we learn more about the vulnerability, we will be diligently staying on top of this for our clients. Thank you for placing your trust in SWICKtech. Your security and data are important to us. You can learn more about this vulnerability here. If you have any questions regarding your systems or this vulnerability, please contact us at 414-527-9266, option 1 or Helpdesk@SWICKtech.com.

Stop potential hackers in their tracks.

 

Contact Us Today!
 

 

Related Blogs

Please wait while we gather your results.

HiveNightmare aka SeriousSAM Vulnerability

Microsoft has issued an urgent security notice regarding HiveNightmare (also known as SeriousSAM), which is a vulnerability that can allow a regular user unintended administrative access to an organization’s network.

Read More

Urgent Security Notices Issued for Microsoft’s PrintNightmare

Early the week of July 6th, US-CERT, CISA, and Microsoft issued urgent security notices regarding PrintNightmare.

Read More

Four Ways To Make Sure Your Passwords Are Secure

Here are four ways to make sure your passwords are secure

Read More

Sign Up for Our E-Newsletter

BBB accredited

© 2021 Swick Technologies, LLC.
top
Free Consultation!
Close Panel

Five Minute Consultation

We'd be happy to have a free, no-strings-attached consultation to talk about any IT or technology issue that you're having at your organization. Fill out the form below or reach us by phone during business hours at (262) 333-0222.

Swick Technologies

15700 W Cleveland Ave
New Berlin, WI

Sales: 262.333.0222
Help Desk: 414.257.9266

Swick Technologies LLC BBB Business Review