Get in Touch 0333 320 8338 (Help Desk: Option 1 / Sales: Option 2)

Log4j Critical Vulnerability Warning – What You Need to Know
28th December 2021

All you need to know about the latest critical vulnerability Log4shell in the widely used logging tool Log4j, who it might affect, and what to do to reduce your risk.

 

Log4shell is a critical vulnerability in the widely-used logging tool Log4j. This logging tool is used by millions of computers across the globe running online services. Organisations, governments and individuals are all at risk and, whilst fixes have been issued, they still need to be implemented.

 

What is Log4j?

 

Log4j is an open-source logging library that’s used widely by software applications and online services across the internet.

 

Because today’s software is so complex, it tends to be created by multiple developers who work using a ‘building blocks’ approach. This is so that certain blocks can be used for different applications, rather than all individual software being written from scratch.

 

Log4j is one of the many building blocks that are used in software creation. Known as a ‘software library’, it is used by developers to keep track of what happens in their software applications or online services. In essence, it’s a vast journal of the activity of a system or application. This activity is known as ‘logging’ and developers use it to help them spot potential problems users may encounter.

 

What is Log4shell?

 

Early in December, the National Cyber Security Centre (NCSC) reported a vulnerability known as Log4shell as having been found in Log4j.

 

If it is left unfixed, Log4shell will allow attackers to hack systems, steal passwords and logins, extract data, and infect networks with malicious software. The major problem with Log4shell is that it takes very little expertise to exploit, which makes it potentially one of the most threatening computer vulnerabilities for some time.

 

Who will be affected by Log4shell?

 

Pretty much all software has some form of logging ability, whether it’s for security, operational or development purposes. Log4J is a common element used for logging. The majority of devices and services we use online as individuals every day will use Log4j.

 

It is vital therefore that everyone ensures their devices and apps are as up to date as possible, and that they continue to update them on a regular basis, especially over the next few weeks.

 

If you run a business, it may not be instantly obvious whether your web applications and servers, network devices and software use Log4j, which makes it vital that you follow the advice issued by the National Cyber Security Centre, as well as the advice issued by your software providers.

 

If you are using Log4j in applications that you’ve developed in-house, then be sure to update to the latest version.

 

If you are using third party applications that incorporate Log4j, again make sure they are updated to the latest version. Keep up to date with newly issued security patches over the next few weeks and be sure to set your updates to automatically install.

 

Where you are not sure whether any applications in use in your organisation uses Log4j, make enquiries of your in-house or third party developers or IT consultants. Developers have been asked by the NCSC to act promptly when enquiries are made of them.

 

The NCSC official vulnerability alert provides more in-depth technical detail on the steps to take to protect yourself and your organisation from Log4shell.

 

If you are a UK organisation which has already been compromised by this vulnerability, you are advised to report it to the NCSC via its website.

 

Reduce your risk of a cyber-attack with help from PC Docs

 

Increasingly, cyber criminals are finding more and more ways to take advantage of vulnerabilities like Log4shell. It is therefore crucial that you take steps to protect your business, not just against this latest threat, but against all cyber threats.

 

Here at PC Docs, we offer a comprehensive package of cyber security solutions, all of which can be tailored to suit your individual business needs and cyber risk assessment.

 

From anti-malware and adware systems, to firewall and antivirus setup and management, internet and spam filters and email scanning software, we’ve got everything covered.

 

To learn how we can help keep your organisation safeguarded against all the latest cyber threats, including Log4shell, please get in touch.

Our Partners
IT Support Company
IT Companies London
IT Consultants London
PC Support
Business IT Support
Small Business IT Support
IT Support
IT Support for Draytek
London IT Support for ESET
IT Support for Lenovo
IT Support for Sophos
IT Support for Yealink

What Our Clients Say

John and his IT support team at PC Docs have been a real asset to us at Chiller Box... We can focus on our customers, leaving PC Docs to deal with any day to day IT issues arising.
IT company review
Chiller Box Marios Poumpouris
It was the best decision we could have made… No issue is too small and support response times are swift and carried out in a polite and caring manner.
Karidis Clinic Deborah Vine
Thanks to you and your team, everything went to plan and happened as it was supposed to! Our move went seamlessly and you guys went the extra mile!
Andrew Stevens Cos Eleftheriou
We have used PC Docs for 10 years now. As with most companies when our IT goes wrong we need it dealt with asap… PC Docs do this for us and they do it very well.
IT Support review
Forty Group Stephen Fixman
Switching to PC Docs was the best decision we made for our growing practice...PC Docs has truly taken all the stress of IT from us.
Helen Nicolas Accounting Solutions Helen Nicolas

Get in Touch

Contact our IT Consultants today:

 

PC Docs

Southgate Office Village, Block F

288 Chase Road

London

N14 6HF

Request a quote