Networking, MSP

Log4j Vulnerability: MSP Software Companies Respond to Log4Shell

Auvik Networks, ConnectWise, Datto, Kaseya, Liongard, N-able, NinjaOne and Pax8 are among the MSP software companies and SaaS marketplace providers to issue statements about the widespread Log4j vulnerability (aka CVE-2021-44228), also known as Log4Shell.

Related Update: Log4j vulnerability timeline -- from discovery to exploits to ongoing mitigation.

The Log4j vulnerability allows unauthenticated remote code execution (RCE) on any Java application running a vulnerable version of Apache’s Log4j 2, BlackPoint Cyber told MSSP Alert.

In a statement, the Cybersecurity and Infrastructure Security Agency (CISA) on December 11, 2021 called the Log4j vulnerability a "severe risk" and offered this four-step guidance to patch Log4j and mitigate potential Log4Shell cyberattacks.

Still, the worldwide Log4j software cleanup could take months, SC Media reported, because thousands of third-party software products run the code.

Amid that backdrop, many MSP software companies have been checking their code for potential exposure to the vulnerability. For MSPs, the status updates and associated vendor guidance could help the overall managed services industry to avoid potential supply chain attacks related to Log4j.

Log4j and MSP Software Provider Statements

The statements from various MSP software, platform and marketplace companies include:

Log4j Patches and Vulnerability Mitigation Steps

Meanwhile, MSP-friendly security companies such as BlackPoint CyberCybereason and Huntress offered this Log4j security guidance to MSPs and MSSPs.

Stay tuned for ongoing updates.

Story originally posted December 12, 2021. Updated regularly thereafter.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.

You can skip this ad in 5 seconds