MWT guidance regarding "Log4J" software vulnerability
Dear MWT Client:
You may have seen or heard about a significant security vulnerability in the past few days, and I want to provide an update regarding this important situation. As this is a complex issue, I will attempt to distill this to its most fundamental and relevant points.
A significant security vulnerability has been identified in the “Log4J” software package. This package is a Java software library, or a building block of an application, that is part of the open-source Apache Software Foundation. This library is commonly used when application vendors build software using Java code. The identified exploit has the potential to allow a malicious attacker complete control over a vulnerable system on which the affected application resides.
The issue is not like many other common vulnerabilities whereby a single application or vendor is impacted. In these cases, the vendor releases a patch to their software and one can then consider themselves protected after implementing said patch. Unfortunately, in this case, the issue is not vendor specific. It is up to every software vendor to state whether their product utilizes the compromised library and, if so, how they are mitigating the issue.
I want to assure you that MWT is working with our primary software vendors to ensure that the software we run to monitor and manage customer systems has been either confirmed not vulnerable to this issue, or is vulnerable and has been mitigated.
- Our remote monitoring and management (RMM) system has been confirmed by the vendor to not be impacted by this vulnerability.
- Our password management vendor has confirmed that it is not impacted by the vulnerability.
- Our ticketing system vendor has confirmed potential impact within their search functionality. We have followed their guidance and disabled this feature. We anticipate a future software update that will restore the search functionality without exposing the vulnerability.
Because this issue impacts a popular software development library, there is no master list of impacted applications. It is up to every software vendor to identify impacts and release appropriate fixes as quickly as possible. Please note the following guidance as it pertains to your systems and those of your employees:
- Servers and workstations under MWT management will continue to be patched regularly. If we note vendor-released patches that specifically address this issue, we will be pushing out-of-band updates to your systems. This means that we will push the updates as soon as they are available and will not wait for the standard patching window. For the near term, if your protected workstations are prompting for a reboot, please do so immediately and do not defer the reboot to a later time.
- MWT is cross-referencing software on all customers’ servers and updating them on an accelerated “patch detect and install” schedule.
- If you have internal or partnered software/web developers that maintain your organization’s custom applications or websites, please consult them and inquire if your custom systems utilize the Log4J software package. If so, they are responsible for patching the applicable systems ASAP.
In times like this we are especially grateful that we partner with Huntress Labs, the leading Cybersecurity and Breach Detection firm. If you subscribe to the MWT Enhanced Security Bundle, know that you are receiving the benefits of advanced insight into this issue and that we may receive early warning detections of impact from Huntress if your systems show signs of a compromise related to this vulnerability, potentially even before the software vendor discloses the issue. In such an event, we will contact you directly to discuss the impacted software and your options for mitigation.
For any non-managed or personal systems, please ensure that you are patching your operating systems regularly and that you check for updates within the individual software programs that you use.
Thank you for your patience and rest assured that your MWT-managed systems are being protected in accordance with known best practices and professional guidance regarding this issue.
For MWT managed customers, please note that this message is being sent to primary customer contacts. Please distribute this information to your users at your discretion.
Please contact us at techsupport@madwolf.com or consult your account representative if you have further questions regarding this vulnerability.
Thank you,
Steve Parker :: Vice President, Information Security and Infrastructure :: MadWolf Technologies