In early December 2021, a severe remote code vulnerability was revealed in Apache Log4j — a very popular Java-based logging framework used by developers of web and server applications.
The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous — and the latest updates for those server applications urgent! In fact, malicious actors are already hard at work exploiting the flaw.
We’re taking this issue very seriously at Core Technologies Consulting. A thorough analysis of our systems has concluded that:
None of our Windows software uses Apache Log4j.
AlwaysUp, Service Protector and our free utilities are not exposed.
Log4j2 <= 2.14.1 is not used by any software in our infrastructure.
Our back end components use other logging frameworks (e.g. Monolog) to capture important messages from the server software.
All back end security patches have been applied.
Our Linux application servers are configured to automatically deploy security patches as they become available.
We’ll continue to monitor the situation as it evolves.
Please be sure to reach out to our support team if you have any questions or would like additional information.
Stay safe!