Critical Vulnerability - Log4j
Breaking News
Dec 17, 2021

If you are concerned that your organization may be vulnerable, please do not wait for us to reach out. Email techsupport@gyver.com immediately to open a ticket, and we will prioritize your review.



To our valued clients & partners:


As you may have heard, a very serious security flaw was recently announced in a product called “log4j”, which is used by many systems across the internet. We take the security of our clients and partners very seriously, and we want to ensure you understand the potential risks this poses to your organization.


Questions & Answers


How serious is the risk?

Very high. This flaw was given a rating of “10”—the highest risk. It can be exploited without any user interaction and without your knowledge.


Am I Vulnerable?

The answer will vary depending on your environment. Generally speaking, if you run any programs that use Java, there is a good chance you may be vulnerable. Even if you do not believe you are using Java, there is a good chance that one of the software programs you use relies on it in some way and is therefore vulnerable.


What is Gyver Doing?

Subscribers to our 24/7 SOC product are already actively being scanned for this vulnerability. We are also systematically working our way through our systems list and reaching out to advise on what actions are needed, if any, to secure your organization. The primary contact for your organization should hear from a Gyver representative about this by Monday 12/20, with an update tailored to your business. If you are concerned that your organization may be vulnerable, please do not wait for us to reach out. Email techsupport@gyver.com immediately to open a ticket, and we will prioritize your review.


How can I protect myself?

There are a number of ways you can protect yourself. Here are three steps to take immediately.


  1. Ensure your workstations & servers are up to date and patched with all software updates.
    Gyver offers patch management, including for many popular Java-based applications. If you are not enrolled in our patch management program, we strongly recommend that you add this service immediately.
  2. Review all your internet-facing server systems for applications that use Java and may use log4j.
    Email techsupport@gyver.com to open a ticket if you would like help scheduling a review.
  3. Perform vulnerability scans.
    Gyver recently partnered with a 24/7 Managed Security Operations Center which detects and alerts on systems vulnerable to log4j. It has already successfully discovered and helped remediate log4j on our subscribed clients’ networks. We would be happy to provide a free trial on a limited number of systems to help assess your risk level.