Security Alert – log4j vulnerability

13 December 2021 by Catalyst

Latest update on log4j vulnerability

For general information and advice about the log4j vulnerability, and mitigations, please refer to the Australian Government ACSC website: 

https://www.cyber.gov.au/acsc/view-all-content/alerts/critical-remote-code-execution-vulnerability-found-apache-log4j2-library

Actions taken by Catalyst IT

Catalyst IT Security and Operations Teams have been reviewing and patching potentially vulnerable systems. Within six hours of the Catalyst operations team (on Sunday 12th Dec) receiving actionable patching and remedy details, we had already applied these to most of our fully managed infrastructure.

Catalyst IT continues to monitor internal and client systems, we are seeing attempts to exploit the vulnerability now that knowledge about it is widespread. We expect these attempts will only increase in frequency over the coming days.

Our current priority is to continue to monitor our systems, and if short term remediations were initially implemented, to apply longer term fixes. This work will continue over the next few days.

If you have specific questions about one of your systems managed by Catalyst IT, please contact your Account Manager.