Vulnerabilities have been found in Log4J.
Internet security researchers have recently discovered a new vulnerability in an open-source program called Log4j. Log4j is used by many software vendors, primarily in web servers and other web-enabled devices. This vulnerability is already being used by attackers, allowing them to take full control of affected machines. Log4j is an extremely popular piece of software and this vulnerability affects potentially millions of machines on the internet.
Network administrators should immediately identify all machines in their environment which might be vulnerable to this attack and contact the appropriate vendors to find out how to upgrade to a secure version of the software. Likely targets include Apache web servers, firewalls and any other services which are accessible via a web browser. If patching/upgrading is not an option, workarounds are possible to disable Log4j or protect vulnerable machines.
If you have any questions about this vulnerability or would like assistance reviewing your network, please contact firstname.lastname@example.org for further assistance or call us at (800) 710-4010.