On December 9th, a remote code vulnerability was revealed in Apache’s Log4J, a commonly used logging system used by website developers. The vulnerability is anticipated to have broad impact to public facing web servers and there is significant evidence that threat actors are already exploiting this vulnerability in the real world. The vulnerability, dubbed Log4shell, received significant publicity over this past weekend.
Go West IT has been investigating the potential impact of Log4shell on our environment, across our vendors, and in our customer environments. An initial review of Go West IT systems and Go West IT vendors has not revealed any vulnerabilities in applications used internally at Go West IT or to provide our support services. We will continue to monitor vendor communications regarding this vulnerability and advise if any known incidents or risks are found with this evolving situation.
Go West IT is devising strategies to look for the existence of Log4J across customer environments and we will open support request to address vulnerabilities as they are discovered. Work to remediate the vulnerability is “In-Scope” for customers using Go Managed | Proactive and Go Managed | Comprehensive services. Go West IT will contact customers that are not using these managed services to talk about the labor cost associated with remediation.
If you have specific questions or concerns about your environment as it relates to the Log4j vulnerability, please open a support request by emailing support@gowestit.com or calling our service desk at 303-795-2200, Option 1. If you have questions about, Go West IT’s environment or response to this vulnerability, please contact info@gowestit.com