Security researchers reported a major security vulnerability that could be present in software on a server, on a PC or Mac, in a device on your network, or in a cloud service. Details are fuzzy, and there have been updates: a second flaw was discovered after the original fix. More technical details can be found here.
How You Can Protect Yourself And Your Organization:
We have compiled a short list of common vendors and their statements to share with our clients. Feel free to use it in any way that assists your remediation efforts. If you’re a Fulcrum Group SPOT Managed IT Services client, please know that we are actively working to identify locations in your IT environment where the Log4Shell vulnerability exists.
Now that we have an organized second draft of the list of common vendors and their statements, our basic mitigation steps are:
- List of common vendors and their statements - https://www.fulcrum.pro/wp-content/uploads/2021/12/Fulcrum-Log4Shell-Vendor-Statements-Dec-2021.pdf
- Running a script against Windows workstations to test for Windows apps that might be vulnerable (requires a current version of C++)
- Pulling network inventory reports to compare against industry-standard devices and look for known vulnerable items
- Checking with clients on Linux-based devices or IoT devices, to engage their vendor to test/mitigate
- Working with off-the-shelf vendors for fixes, or coordinating with manufacturers for their resolution
CISA is recommending:
- Fix or replace public-facing systems that are vulnerable (externally available)
- Tune or add security alerts on devices with the vulnerability (using SIEM or CyberSOC)
- Install a firewall (enable firewall) between vulnerable systems and the Internet
However, you may also have IT or cloud vendors that we don’t know about with hosted versions of vulnerable applications. We’ll need your help in contacting those vendors to determine if any of their systems have the Log4Shell vulnerability, and if they do, what their remediation plan is. You might be able to just Google the vendor or product name and the word log4j, and a published stance might come up.
We recommend you ask all users to reboot their machines at least 1 day a week over the coming weeks, while your internal IT teams or Fulcrum support teams might apply updates. Let us know what else we can do to support your operations during this challenge to cybersecurity.
Reach out to your Fulcrum Group Account Manager or Fractional CIO for further assistance or information.