You may have heard in the media over the weekend that a global security vulnerability has been identified within a widely used java logging library, log4j, and is having a major impact. This is GTB’s initial advice.
The context is that this java logging library, log4j, has been widely used over the years in the building of software applications and web apps. So, it is used in a lot of places.
The vulnerability is already being exploited by hackers, so it is "live" and still a risk.
Right now, there is a global scramble going on as software companies work out whether their software is affected and what to do about it if it is.
More will come out in the next few days, but it will likely take weeks or months for the software companies to sort everything out. So, how does this affect you?
GTB-provided software – including our remote support 'Golden-G' tool, ESET Security, Dropbox and Microsoft Office 365, etc.; as far as these key software companies have informed us, do not include the java logging library, log4j. We will actively monitor this.
GTB does not know which of your software applications supplied by other people may use java logging library, log4j. Please note that software authors very often do not disclose exactly what their software is built from as this information can assist hackers! So, the services/software you use that GTB does not supply could conceivably use the java logging library, log4j.
GTB has been removing Java from client computers for some years unless there is a known need for it. We did this as a precautionary 'tidy-up' for clients on SureIT Remote, Full or Extended agreements where pro-active maintenance is included in the service. However, some PCs may have escaped this scrutiny, especially if they do not have installed the GTB' Golden-G' agent.
You contact the suppliers of software you use that did not come from GTB to confirm whether their software is vulnerable and anything you should do. For medical centres, we suggest you follow the guidance given by your PHO and/or MedTech/Indici or others applicable.
Practically speaking, the game Minecraft has been a common way for hackers to exploit this vulnerability in its early days. In general, we recommend that you don't allow games on work on computers. However, at the moment, we recommend you use this incident to ensure users remove Minecraft (and ideally all games) from any PC connected to your network.
GTB can use our Golden-G software (for those on any SureIT agreement) to remotely uninstall any Java apps from your computers. This may be taking a sledgehammer to crack a nut, as it is not Java with the vulnerability, just one of its widely used libraries. However, if you want us to do this, we can (at 'no extra charge' for Sure IT Remote, Full or Extended clients). Please discuss.
Please also advise us asap if you have any concerns or would like us to do anything.
To read in more depth - https://www.wired.com/story/log4j-flaw-hacking-internet/
PS – If you don't know the GTB Golden-G, please ask!