Following the recently released advisory on a high severity vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105) impacting multiple versions of the Apache Log4j 2 utility, our IT and support teams have taken a proactive approach to investigate the impact of this vulnerability on our networks and services.
From a product and managed services perspective, the team have taken a technology-based focus which has allowed us to work closely with a number of vendors to identify and possibly remediate any Apache vulnerabilities that exist in their products. Some vendors have been able to provide patches, but many of these are still evolving, and in some cases workarounds have been provided as an interim measure until remediation in the form of a patch or otherwise is available.
From our internal network perspective, our network security team have been conducting a targeted sweep on possible affected services in our supported environments and have been applying appropriate work arounds and patches as per vendor recommendations. We are confident in our security measures and the proactive response to this vulnerability by our support teams. We will continue to review our environment along with the latest vendor advice and take any required actions.
If Canon Business Services ANZ is not responsible for managing your IT or BPO services, we would strongly recommend reviewing your infrastructure and applying patches or workarounds as specifically recommended by each vendor in use in your environment.
We’ll keep you updated as the situation evolves.