Apache Log4j 2 Vulnerability
Last Updated at 5:00 p.m. CT on December 20, 2021
Customer Notice
On December 10, 2021, a critical vulnerability in the popular Apache logging library log4j was announced. This library is widely used by enterprise applications and would allow a remote adversary to easily exploit the vulnerability and take control of an affected system.
Here at Micah, we do not directly use Java technologies, so we are not impacted by this vulnerability.
We are following up with our critical vendors to ensure they are applying the appropriate patches to their systems, if they are impacted. We will continue to monitor this, but so far they have done a great job of identifying their risk levels and taking the appropriate mitigation steps when necessary.
This is an ongoing analysis and we will post relevant updates as new information arises. At this time, there is no action required by our users to continue safely using Micah.
For updated information about our application status, please contact us or visit this page.
Recommended Resources
Apache Log4j Vulnerability Guidance (CISA Resource Page)
CISA Insights: Preparing For and Mitigating Potential Cyber Threats (Dec. 15, 2021)
FBI Statement on Log4j Vulnerability (Dec. 15, 2021)
White House Letter: Protecting Against Malicious Cyber Activity before the Holidays (Dec. 16, 2021)
Apache Log4j 2.15.0 Announcement (Dec. 2021)