Log4Shell: Log4J 0-Day Response Update
By Tim Panagos
Microshare engineering has completed a thorough audit of our services and software and has found limited exposure to the much-publicized critical vulnerability in the open-source Apache Log4j framework.
The Log4J 0-Day was publicly disclosed on December 9, 2021, with an additional, lower-risk vulnerability disclosed on December 14, 2021. The critical vulnerability (CVE-2021-44228) can be exploited in an exposed system to allow malicious actors to control systems remotely or exfiltrate data.
Here is what you need to know:
Microshare does not use Log4J libraries in our core systems. Our data and yours are safe from external exploit.
Microshare-provided gateways and devices are not subject to Log4J vulnerabilities. Your network is secure from exploit.
We have found Log4J running within software from one of our vendors that provides application performance monitoring to our platform engineering team. These monitoring agents are not exposed outside of our private network, making the potential for exploitation highly unlikely. Our vendor provided a validated update on December 14, 2021. We will patch the affected service with an off-cycle patch today, December 16, 2021, to close any potential route to exploit.
You can get up-to-the-minute details on system availability and release status at our login & status page.