{"id":8376,"date":"2021-12-13T16:57:17","date_gmt":"2021-12-13T03:57:17","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=8376"},"modified":"2021-12-13T16:57:17","modified_gmt":"2021-12-13T03:57:17","slug":"do-you-need-to-worry-about-the-log4j-cyber-security-zero-day-breach","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=8376","title":{"rendered":"Do you need to worry about the &#8220;Log4J&#8221; Cyber Security Zero-Day breach?"},"content":{"rendered":"<p>Mainstream media is abuzz with the latest software vulnerability. <strong>It is in a commonly used component called Log4J 2.<\/strong><\/p>\n<p>This component is in widespread use and the risk is real. This is a fast-paced and quickly changing alert. At the time of writing, the immediate risk is when it is used on applications and websites available on the internet. The biggest risk will come from internal services which can be accessed across the internet, where it could give a hacker the potential to gain access into your network.<\/p>\n<h3>Is there a &#8220;Work From Home&#8221; risk?<\/h3>\n<p>The majority of work-from-home staff are accessing the network using either a Remote Desktop (RD) Gateway and\/or a VPN. At the time of writing these are not known to be at risk.<\/p>\n<h3>Java Updates<\/h3>\n<p>Log4j 2 is a Java\/Apache service and can be built into applications. When it is embedded into an application, we need the application software vendor to release a fix. Java itself is also installed on almost every Windows device.<\/p>\n<p>Our Kinetics KARE includes patching of Java for Core Fundamentals and Premium KARE clients. The KARE team are urgently pushing out the latest Java versions to all devices covered by Core Fundamentals and Premium KARE.<\/p>\n<h3>Public Websites<\/h3>\n<p>Almost every company has a public website. 
The best course of action is to contact your web developer directly and seek their assurance that your web site is not at risk.<\/p>\n<h3>KARE for Security Clients<\/h3>\n<p>KARE for Security S2 clients have internet-based vulnerability scans on their public IP addresses. We are urgently reviewing the latest version of these and confirming any open ports. We will then be contacting any identified vendors for an update on their products. We have also added in extra scan cycles for these clients.<\/p>\n<p>For KARE for Security S1 clients where we supply their firewall or firewall firmware upgrades: We are reviewing the incoming connections and contacting vendors for information about their products. Clients will be contacted as information becomes available.<\/p>\n<h3>Major Line of Business Applications<\/h3>\n<p>It is uncommon for Line of Business applications to be directly exposed to the internet.<\/p>\n<p>We expect to see many providers releasing updates to their products, and these will need to be applied. Kinetics is working through these, seeking advice from vendors, and will contact impacted clients as information becomes available. Priority must be given to applications with an internet-accessible interface.<\/p>\n<h3>Application testing<\/h3>\n<p>There are tools available that will test for this software vulnerability. Kinetics is warning that receiving a pass result does not prove that you are safe. We have already been warned of one application which only exposes the vulnerable code occasionally during normal operations. This makes any test result unreliable.<\/p>\n<h3>Summary<\/h3>\n<p>We are working through KARE clients assessing risks. The best response is to ensure we have updated your platform, but we also need your software suppliers to check their software and issue any necessary 
updates.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mainstream media is abuzz with the latest software vulnerability. It is in a commonly used component called Log4J 2. This component is in widespread use and the risk is real. This is a fast-paced and quickly changing alert. At the time of writing, the immediate risk is when it is used on applications and [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":8377,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-8376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/8376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8376"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/8376\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2
Fv2%2Fcategories&post=8376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}