Over the last weekend a security flaw was discovered in a software component known as Log4J. This flaw has the potential to allow an attacker to compromise an exposed system and gain administrator level access to this system.
What is Log4J?
Log4J is a component used by some software written in the Java programming language. Java is used heavily by many Internet/Cloud based systems, though less so these days with on-premise systems.
Are my systems at risk?
As Log4J is used extensively in multiple products this is not an easy question to answer. However, there are a couple of things to consider.
Yorb Provided Systems
Yorb has reviewed the systems we use to manage and support our clients; these have been identified as safe and are not exposed to the flaw.
Microsoft 365 and Office Software
These systems are NOT written in Java and are therefore safe from this threat.
Other Software / Third-Party Systems
This is an evolving situation; we are continuing to evaluate the situation and seek to identify potential risks within our Managed Services Clients infrastructure. We are encouraging clients to reach out to their software vendors. The vendors for your specific software will be best placed to advise what components are utilised within their development and if any updates are required. This includes both Cloud provided software and on-premises software.
Next Steps & How you can help
Identify, and reach out, to your third-party software or system providers to seek assurances from them that their software is not impacted. If you have any questions, please do feel free to reach out to your Yorb Client Manager to discuss your situation further or call us on 0800 600 606.
Regards The Yorb Team