Automate101, Level 27, PwC Tower 188 Quay Street Auckland 1010 sales@getatria.com
Select Page

Late last week, a 0-day vulnerability in the widely used Log4j opensource logging framework was found.  It is severe because it is very widely used and allows full remote code execution.  Attackers are able to gain full control of the host running the software.

Trend Micro have a good overview in this security alert https://success.trendmicro.com/solution/000289940

Atria v12 or later does not use any version of this library, no further action is needed to protect Atria against this vulnerability.

As MSPs it is very likely that you will have applications or appliances which utilise this library.

Microsoft have more information on detection and response, as will other security vendors

https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/