On Friday, a critical vulnerability in log4j, a logging library for Java applications, was published, which is classified as extremely critical by the German Federal Office for Information Security (BSI). The vulnerability allows third parties to gain extensive rights on systems, for example to reload and execute malicious code.
In addition to warnings about the vulnerability in log4j, many software vendors have already published workarounds or even patches. If available, we have already applied the patches for the systems hosted by EBF or implemented workarounds. For these and non EBF hosted systems you will find important information in this article.
What happened and what are the consequences?
An IT security service provider has disclosed a vulnerability (CVE-2021-44228) in versions 2.0 to 2.14.1 of the logging library log4j, which is used in many systems. This allows attackers to execute their own program code on the target system and compromise the server in this way. This allows attackers to perform far-reaching actions.
What should you do?
1) We strongly recommend that you install the updates provided by the manufacturers as soon as they are available. More detailed information for the individual systems follows here:
For MobileIron customers
Workarounds are available for MobileIron.
- For the systems hosted by EBF, we have already applied a first workaround on Saturday. We will import an additional workaround provided by Ivanti for you later today.
- For systems not hosted by us, we recommend you to proceed according to the instructions provided by Ivanti: https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j.
For Jamf customers
Jamf has provided a new library that replaces the vulnerable version of log4j. The new library is already included in the new Jamf version 10.34.1, which is available for installation.
- For systems hosted by EBF, we have already applied the update on Saturday.
- For systems not hosted by us, we recommend updating to version 10.34.1 (https://docs.jamf.com/10.34.1/jamf-pro/release-notes/Whats_New_in_This_Release.html) or performing the workaround manually: https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html
For Workspace ONE customers
In the UEM environment, VMware Unified Access Gateway, VMware Workspace ONE Access and the VMware Workspace ONE Access Connector products are affected. VMware has already developed a workaround to close the vulnerability there.
- This has already been done in EBF hosted systems.
- For systems not hosted by us, we recommend you proceed according to VMware’s guidance: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
For BlackBerry customers
BlackBerry UEM is not affected. For BlackBerry Enterprise Mobility Server and BlackBerry Workspaces, BlackBerry has developed a workaround. Customers can contact EBF support for this.
For EBF customers:
Customers with a system hosted by EBF do not need to perform any manual action. Customers whose system is not hosted by EBF are welcome to contact our support team at moc.f1643318504be@tr1643318504oppus1643318504.
Important Note: As vendors continue to work on updates, some systems will experience short-term downtime throughout the day.
2) For systems for which an update is not yet available or for which it is not yet clear whether they are affected by the security vulnerability, we recommend disconnecting from the Internet unless absolutely necessary.
Affected other products / services
EBF products (EBF Onboarder, EBF Files, EBF Print, EBF Contacts, MIDA) are not affected. The manufacturers are currently checking whether other systems are affected.
As soon as we have further knowledge about the vulnerability or knowledge about further updates, we will inform you immediately here.