Apache Log4j zero-day vulnerability AKA Log4Shell 2 (December 2021)

In Financial Services Technology by Matsco Engineering Team

 

A vulnerability in Apache’s popular logging tool Log4j which is utilised in many applications across the internet in conjunction with Java has been identified and widely exploited in the last few days. Multiple software platforms and hardware vendors are affected.

Matsco has been reviewing internal and client systems and can provide the following information:



  • Sophos Intercept X and Symantec antivirus are not vulnerable and both protect Servers and Workstations from the vulnerability.
  • N-Central, Matsco's Remote Management and Monitoring tool (formerly part of Solarwinds) is not vulnerable
  • Meraki devices and Cisco AnyConnect client are not vulnerable
  • Duo and Umbrella vulnerabilities have been remediated
  • Citrix NetScaler is not affected, however other non-internet facing services are reported as under investigation
  • Cisco Firewalls are likely to be affected. No workaround or patch has been provided by Cisco as yet and Matsco continue to monitor the situation
  • VMWare VCenter is affected, VMWare have released a work around which is currently being testing in our Private Cloud Environment. On confirmation of successful testing our environment will be patched within 24 hours. No services affected by this vulnerability are internet facing. For customers with VCenter installed, Matsco will be in contact to arrange remediation
  • Windows servers and workstations: Apache's Log4j tool does not come as standard with Operating Systems however may be bundled into software using Java or Apache. For full support clients, Matsco is currently reviewing installations of Java and Apache and will contact you if we believe there is a possibility software is affected

Matsco is continuing to monitor the situation and will provide further updates as they come to hand.  

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post