Critical Security Vulnerabilities
Due to Apache’s logging tool Log4j

On Thursday, Dec 9, 2021, a zero-day exploit for the popular Java logging library Log4j was made public.

Log4Shell is a critical vulnerability in the widely used logging tool Log4j, which is used by millions of computers worldwide. Hackers can exploit this vulnerability to take complete control of an affected system.

Log4j is an Apache library, so it is potentially more likely to be running on Linux servers. However, because this is a Java vulnerability, and Java runs across multiple platforms, Windows and Apple servers could be just as vulnerable as Linux ones.

What should you do?

  • Confirm that your IT team and security team (or vendor) are aware of the problem and have patched or fixed any potential vulnerabilities
  • Assess any potential exposure from internally developed applications
  • Contact your hardware and software vendors to check their potential exposure to it
  • Have a plan to deploy updates after assessing all the above

Further support to solve Log4j exposure

  • Apache has published its own security advisory and support page here
  • GitHub has a list of over 180 vendors with links to their guidance and Log4j support pages here
  • Here in the UK, the National Cyber Security Centre (NCSC) have published further guidance here

   

Get support today

Get in touch today for impartial help and advice – email hello@clairelogic.net or call us on 01865 989144