The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation


We’re Not Affected by the December 2021 Apache Log4j Vulnerability

We're Not Affected by the Apache Log4j Vulnerability

In early December 2021, a severe remote code vulnerability was revealed in Apache Log4j — a very popular Java-based logging framework used by developers of web and server applications.

The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous — and the latest updates for those server applications urgent! In fact, malicious actors are already hard at work exploiting the flaw.

We’re taking this issue very seriously at Core Technologies Consulting. A thorough analysis of our systems has concluded that:

  • None of our Windows software uses Apache Log4j.

    AlwaysUp, Service Protector and our free utilities are not exposed.

  • Log4j2 <= 2.14.1 is not used by any software in our infrastructure.

    Our back end components use other logging frameworks (e.g. Monolog) to capture important messages from the server software.

  • All back end security patches have been applied.

    Our Linux application servers are configured to automatically deploy security patches as they become available.

We’ll continue to monitor the situation as it evolves.

Please be sure to reach out to our support team if you have any questions or would like additional information.

Stay safe!

Posted in Support | Tagged , , , , , | Leave a comment

Leave a Reply

Your email address will not be published.