Critical vulnerability discovered in log4j

On Friday, a critical vulnerability in log4j, a logging library for Java applications, was published, which is classified as extremely critical by the German Federal Office for Information Security (BSI). The vulnerability allows third parties to gain extensive rights on systems, for example to reload and execute malicious code.

In addition to warnings about the vulnerability in log4j, many software vendors have already published workarounds or even patches. If available, we have already applied the patches for the systems hosted by EBF or implemented workarounds. For these and non EBF hosted systems you will find important information in this article.

What happened and what are the consequences?

An IT security service provider has disclosed a vulnerability (CVE-2021-44228) in versions 2.0 to 2.14.1 of the logging library log4j, which is used in many systems. This allows attackers to execute their own program code on the target system and compromise the server in this way. This allows attackers to perform far-reaching actions.

What should you do?

1) We strongly recommend that you install the updates provided by the manufacturers as soon as they are available. More detailed information for the individual systems follows here:

For MobileIron customers

Workarounds are available for MobileIron.

  • For the systems hosted by EBF, we have already applied a first workaround on Saturday. We will import an additional workaround provided by Ivanti for you later today.
  • For systems not hosted by us, we recommend you to proceed according to the instructions provided by Ivanti: https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j.

For Jamf customers

Jamf has provided a new library that replaces the vulnerable version of log4j. The new library is already included in the new Jamf version 10.34.1, which is available for installation.

For Workspace ONE customers

In the UEM environment, VMware Unified Access Gateway, VMware Workspace ONE Access and the VMware Workspace ONE Access Connector products are affected. VMware has already developed a workaround to close the vulnerability there.

For BlackBerry customers

BlackBerry UEM is not affected. For BlackBerry Enterprise Mobility Server and BlackBerry Workspaces, BlackBerry has developed a workaround. Customers can contact EBF support for this.

For EBF customers:

Customers with a system hosted by EBF do not need to perform any manual action. Customers whose system is not hosted by EBF are welcome to contact our support team at moc.f1660042597be@tr1660042597oppus1660042597.

Important Note: As vendors continue to work on updates, some systems will experience short-term downtime throughout the day.

 

2) For systems for which an update is not yet available or for which it is not yet clear whether they are affected by the security vulnerability, we recommend disconnecting from the Internet unless absolutely necessary.

Affected other products / services

EBF products (EBF Onboarder, EBF Files, EBF Print, EBF Contacts, MIDA) are not affected. The manufacturers are currently checking whether other systems are affected.

As soon as we have further knowledge about the vulnerability or knowledge about further updates, we will inform you immediately here.

Find out about the latest developments in the fast-moving digital workplace!

We keep you regularly informed about exciting topics around the digital workplace and invite you to our webinars.

EBF Newsletter

EBF Newsletter