Mainstream media is abuzz with the latest software vulnerability. It is in a commonly used component called Log4J 2.
This component is in widespread use and the risk is real. This is a fast paced and quickly changing alert. At the time of writing, the immediate risk is when it is used on applications and websites available on the internet. The biggest risk will come from internal services which can be accessed across the internet, where it could give a hacker the potential to gain access into your network.
Is there a “Work From Home” risk?
The majority of work-from-home staff are accessing the network using either a Remote Desktop (RD) Gateway and/or a VPN. At the time of writing these are not known to be at risk.
Log4j 2 is Java/Apache service and can be built into applications. When it is embedded into an application, we need the application software vendor to release a fix. Java itself is also installed on almost every Windows device.
Our Kinetics KARE includes patching of Java for Core Fundamentals and Premium KARE clients. The KARE team are urgently pushing out the latest Java versions to all devices covered by Core Fundamentals and Premium KARE.
Almost every company has a public website. The best course of action is to contact your web developer directly and seek their assurance that your web site is not at risk.
KARE for Security Clients
KARE for Security S2 clients have internet-based vulnerability scans on their public IP addresses. We are urgently reviewing the latest version of these and confirming any open ports. We will then be contacting any identified vendors for a update on their products. We have also added in extra scan cycles for these clients.
For KARE for Security S1 clients where we supply their firewall or firewall firmware upgrades: We are reviewing the incoming connections and contacting vendors for information about their products. Clients will be contacted as information becomes available.
Major Line of Business Applications
It is uncommon for Line of Business applications to be directly exposed to the internet.
We expect to see many providers releasing updates to their products, and these will need to be applied. Kinetics is working though these seeking advice from vendors and will contact impacted clients as information becomes available. Priority must be given to applications with an internet accessibly interface.
There are tools available that will test for this software vulnerability. Kinetics is warning that a receiving a pass result does not prove that you are safe. We have already been warned of one application which only exposes the vulnerable code occasionally during normal operations. This makes any test result unreliable.
We are working through KARE clients assessing risks. The best response is to ensure we have updated your platform, but we also need your software suppliers to check their software and issue any necessary updates