Log4j Vulnerability: MSP Software Companies Respond to Log4Shell

Auvik Networks, ConnectWise, Datto, Kaseya, Liongard, N-able, NinjaOne and Pax8 are among the MSP software companies and SaaS marketplace providers to issue statements about the widespread Log4j vulnerability (CVE-2021-44228), also known as Log4Shell.

Related Update: Log4j vulnerability timeline — from discovery to exploits to ongoing mitigation.

The Log4j vulnerability allows unauthenticated remote code execution (RCE) on any Java application running a vulnerable version of Apache’s Log4j 2, BlackPoint Cyber told MSSP Alert.

In a statement on December 11, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) called the Log4j vulnerability a “severe risk” and offered this four-step guidance to patch Log4j and mitigate potential Log4Shell cyberattacks.

Still, the worldwide Log4j software cleanup could take months, SC Media reported, because thousands of third-party software products run the code.

Against that backdrop, many MSP software companies have been checking their code for potential exposure to the vulnerability. For MSPs, the status updates and associated vendor guidance could help the overall managed services industry avoid potential supply chain attacks related to Log4j.

Log4j and MSP Software Provider Statements

The statements from various MSP software, platform and marketplace companies include:

Log4j Patches and Vulnerability Mitigation Steps

Meanwhile, MSP-friendly security companies such as BlackPoint Cyber, Cybereason and Huntress offered this Log4j security guidance to MSPs and MSSPs.

Stay tuned for ongoing updates.

Story originally posted December 12, 2021. Updated regularly thereafter.


2 Comments


    MJ Shoer:

    Hey Joe,

    You may be interested to know that the CompTIA ISAO issued one of the very first alerts on the Log4j vulnerability last Friday morning. Since that time, our cyber analysts have been actively tracking and we have made our threat intelligence and active discussion on the issue available to anyone, in order to assist organizations in understanding the issue and how to respond. Anyone can go to https://forum.comptiaisao.org and click the link in the banner to access our Log4j vulnerability information. The CompTIA Information Sharing and Analysis Organization is all about helping MSPs and the entire IT Channel better understand risks like this and most importantly, provide actionable and easy to consume information to protect the MSP/Channel organization and our collective customers. Hope this will prove helpful to your readers.

    Joe Panettieri:

    MJ: Thanks for continued updates from the CompTIA ISAO. I hope all is well with you.
    -jp
