All the latest information and updates on the Apache Log4j vulnerability

Webpage last updated: 16:28 14/01/2021

Natilik’s priority is to ensure that our clients have all relevant information made available to them to minimise potential impact and risk from the Log4j vulnerability.

Natilik is seeking clarification from all of our main partners and will continue to update this webpage with the most up to date information as it becomes available.

---

Natilik Log4j (CVE-2021-44228) Update – Tuesday, 21^st December 2021

Following the Natilik updates around the Apache Log4j vulnerability last week, the team have put together some further recommendations for our clients with Cisco and Palo Alto technologies. These can be found below:

Cisco recommended actions

Palo Alto Networks recommended actions

Natilik has released a statement of response to the Log4j vulnerability, which can be found here.

---

Natilik Log4j (CVE-2021-44228) Update – Tuesday, 14^th December 2021

Following the Natilik update from 13^th December, we would like to share further information that has been made available throughout the last 24 hours from our partners. Natilik is seeking clarification from all of our main partners and will continue to provide updates throughout the week as they become available.

Natilik’s priority is to ensure that our clients have all relevant information made available to them to minimise potential impact and risk from the Log4J vulnerability.

For clients that subscribe to our vulnerability and patching service, or are hosted on the Natilik platform, please be assured that we are working in the background to implement any recommended remediations or workarounds as published by the vendors. We are working through these as released but please note not all vendors have made recommendations yet.

For all clients supported by our Technical Support Team, we can provide advice on whether you have products that are affected by the Log4J vulnerability assuming the vendor information has been made available.  Please get in touch if advice is required but please bear in mind this may take some time given the widespread nature of this vulnerability.  We are working as quickly as we can on this.

For all other clients who are concerned that they are impacted by the Log4J vulnerability please see the links below and reach out to your account teams as relevant.

---

Natilik Log4j (CVE-2021-44228) Update – Monday, 13^th December 2021

As a client of Natilik, we wanted to proactively bring the Log4j vulnerability issue to your attention. This is a newly discovered vulnerability that affects the Log4j Apache library (used in most Java apps).  Most major software and solution technology vendors are investigating the impact of this vulnerability and the detail surrounding it and it is understood that a large number of products may be affected.  As such Natilik wants to make sure you have as much information available to you as possible.

At this time there are minimal upgrades or patches available but we expect to see these in the coming days/weeks. Investigations are still underway on what the vulnerable versions are and on what tech. In the case of Cisco, an advisory page being updated daily, has been released (below). This details product sets that could be potentially vulnerable but we are awaiting confirmation of these.

Advisories for VMWare and Palo Alto Networks are also provided below.

Vendors have asked to not contact their Technical Support desks to ask for patches at this time and that pro-active communication will be released as soon as further updates are available. As a client of Natilik we will do what we can to assist with regular communication updates once they become available. Please bear in mind that Natilik is not currently able to advise on products and versions that might be affected outside of what is posted in the advisories below.

Natilik will send further updates when additional information becomes available.