Published
New IT vulnerability affects many
The new vulnerability in Apache Log4J exists in many different systems and products. Therefore, it is important that companies and organisations that have IT systems with mail servers and contact with the internet have a look at their IT environment as soon as possible and make the necessary upgrades.
Apache has published a security update that handles this vulnerability in Log4j (CVE-2021-45046).
The most important measures that should be done immediately:
- investigate whether there are vulnerable systems in the organisation
- implement security updates immediately
- make sure to turn off vulnerable systems and services (if it is not possible to update security promptly)
- examine the IT environment for traces of an attack
More information (in Swedish and English) at Cert.se
Cert.se is Sweden's national Computer Security Incident Response Team with duties to support society with handling and prevent IT-incidents. Cert.se is part of the Swedish Civil Contingencies Agency, Myndigheten för samhällsskydd och beredskap (MSB).