Security News & Updates

Posts about: log4shell

Log4Shell Vulnerability Update 01/07/2022


On December 9th, a remote code execution vulnerability was revealed in Apache’s Log4j, a logging system commonly used by website developers and leveraged in a wide range of hardware and software products. Apache has released updates to mitigate the Log4j vulnerability. Additional information about the vulnerability can be found at the following link:

Log4j – Apache Log4j Security Vulnerabilities

Go West IT has completed our internal investigation of potential exposure resulting from the Log4j/Log4Shell vulnerabilities. Go West IT has not identified any material exposure to the Log4j vulnerability within our internal systems, critical vendors, software, or platforms used to deliver services to Go West IT customers. 100% of Go West IT critical vendors have indicated they either do not have exposure to the Log4j vulnerability or that exposure to the vulnerability has been patched or removed and thereby mitigated.

Go West IT has not found any evidence that the Log4j vulnerability has been exploited in our systems and has not been notified by any of our critical vendors that they have found evidence of any Log4j exploitation.

Assessment of this vulnerability is ongoing and Go West IT will notify customers if a Log4j vulnerability or exploitation is discovered in any of our systems or is reported by any of our critical vendors.

Detection & Mitigation Work in Go West IT Customer Environments

For customers that subscribe to one of our three managed service offerings (Go Managed | Essential, Go Managed | Proactive, and Go Managed | Comprehensive), Go West IT has utilized our remote monitoring and management agent (RMM) to aid in detecting vulnerable systems and software. Go West IT has also leveraged an RMM component to detect potential exploitation of the vulnerability, and to inoculate Windows Server operating systems against Log4j attacks. Investigation and mitigation efforts are being documented in support requests. Mitigation efforts in customer environments have been focused first on critical infrastructure components including servers and firewalls with particular focus on systems that have a public IP (Internet Protocol) address assigned or that are accessible via the public Internet (e.g., servers hosting websites and firewalls).

The Go Secured | Detect & Respond service is detecting the presence of Log4j on desktop platforms (Mac & PC) and support requests are being opened for each of these detections. The most common mitigation action for potential Log4j vulnerabilities on workstations is to update or uninstall the software that utilizes Log4j. Workstations that are not directly accessible from the public Internet are at a much lower risk of exploitation but still warrant investigation.

Go West IT is in the process of using the RMM component to inoculate Windows desktop operating systems against Log4j exploitation. This is accomplished by making a registry change on desktop operating systems. Go West IT is also assessing the value of scanning desktop operating systems for evidence of compromise using the RMM component. Compromise scanning requires the installation of additional prerequisite software and will only provide a point-in-time indication of compromise. Customers interested in real-time detection of potential compromise should consider utilizing the Go Secured | Detect & Respond service.

Customers that leverage Go West IT on a time & materials basis must contact Go West IT to request assistance in identifying and remediating Log4j vulnerabilities. No proactive investigation is being done for time & materials customers that have not specifically asked for assistance.

Investigation efforts to identify vulnerable systems in customer environments are being done “in-scope” for all managed service customers. Mitigation labor to update or remove vulnerable software is in-scope for customers using our Go Managed | Proactive and Go Managed | Comprehensive services. Customers using the Go Managed | Essential service will be contacted for approval of out-of-scope labor to address discovered Log4j vulnerabilities. Multiple patch versions have already been released (Log4j 2.15, 2.16, and 2.17) and it is important to know that ongoing patching may be required.

All customers may engage Go West IT to conduct network vulnerability scans to detect the presence of vulnerable Log4j software on systems that are not running the RMM agent such as network attached storage devices, IoT devices, NVR systems, video conferencing equipment, and other network peripherals.

Customers with questions or concerns about the Log4j vulnerability in their environments should open a support request.

Customers with questions or concerns about Go West IT’s response to and handling of the Log4j vulnerability may call our office and ask to speak with the President of Go West IT.


Log4Shell Vulnerability Update 12/13/2021


On December 9th, a remote code execution vulnerability was revealed in Apache’s Log4j, a logging system commonly used by website developers. The vulnerability is anticipated to have a broad impact on public-facing web servers, and there is significant evidence that threat actors are already exploiting this vulnerability in the real world. The vulnerability, dubbed Log4Shell, received significant publicity over this past weekend.

Go West IT has been investigating the potential impact of Log4Shell on our environment, across our vendors, and in our customer environments. An initial review of Go West IT systems and Go West IT vendors has not revealed any vulnerabilities in applications used internally at Go West IT or to provide our support services. We will continue to monitor vendor communications regarding this vulnerability and advise if any known incidents or risks are found with this evolving situation.

Go West IT is devising strategies to look for the existence of Log4j across customer environments and we will open support requests to address vulnerabilities as they are discovered. Work to remediate the vulnerability is “In-Scope” for customers using Go Managed | Proactive and Go Managed | Comprehensive services. Go West IT will contact customers that are not using these managed services to talk about the labor cost associated with remediation.

If you have specific questions or concerns about your environment as it relates to the Log4j vulnerability, please open a support request by emailing support@gowestit.com or calling our service desk at 303-795-2200, Option 1. If you have questions about Go West IT’s environment or response to this vulnerability, please contact info@gowestit.com.
