On Friday, a serious new vulnerability was published affecting Log4j, an open-source logging framework that’s widely used across many Java-based enterprise applications and web apps. If correctly exploited, hackers can use this to gain remote access to a business’ servers or IT systems. At 10/10 severity Log4j is one of the most serious IT vulnerabilities to have been discovered in recent memory. Log4J is often installed on both Linux and Windows systems either directly, or often as a requirement of another package or system. By default, Log4J is not included on customers’ UKFast servers, but if you are unsure if…
Yesterday, VMware announced that they were rolling out several updates in order to remediate multiple vulnerabilities identified in their products. The vulnerabilities were privately reported and range in severity from moderate to critical. Further information, patches and workarounds are detailed here. The CVEs and affected products are as follow: CVE-2020-3981 (important) …
On Friday 11th August Microsoft announced a phased two-part security update to address a recently identified vulnerability affecting Netlogon. The first stage of the update is underway, with the second phase expected in Q1 2021. Whilst Microsoft has known about the vulnerability since August, a Proof…