Log4j vulnerability: MSP software companies respond to Log4Shell


ConnectWise, Datto, Kaseya, N-capable, NinjaOne and Pax8 are among the first MSP software vendors and SaaS marketplace providers to publish statements on the generalized Log4j vulnerability (a.k.a CVE-2021-44228), also known as Log4Shell.

The Log4j vulnerability allows unauthenticated remote code execution (RCE) on any Java application running a vulnerable version of Apache Log4j 2, BlackPoint Cyber MSSP Alert said.

In a press release, the Cybersecurity and Infrastructure Security Agency (CISA) on December 11, 2021 qualified the Log4j vulnerability as “serious risk” and proposed this Four-Step Tips to Fix Log4j and Mitigate Potential Log4Shell Cyber ​​Attacks.

Yet the Cleaning up Log4j software around the world could take months, reported SC Media, because thousands of third-party software products run the code.

Against this background, many MSP software companies have checked their code for potential exposure to the vulnerability. For MSPs, status updates and guidance from associated vendors could help the entire managed services industry avoid potential supply chain attacks related to Log4j.

Statements from Log4j and MSP software providers

Statements from various MSP software, platform and marketplace companies include:

Log4j Patches and Vulnerability Mitigation Steps

Meanwhile, MSP-friendly security companies such as BlackPoint Cyber, Cyber-reason and Huntress Free this Log4j security guide to MSP and MSSP.

Stay tuned for ongoing updates.

Article originally published on December 12, 2021. Regularly updated thereafter.


Comments are closed.