Announcement: Apache Log4j 2 Vulnerability Notice - CVE-2021-44228

Update 20/12/2021

As vendors and partners continue to work through their product lists, more information is starting to become available to Maintel as to whether any remediation work is required, as this is collated Maintel will reach out direct to customers where products are impacted but in the mean time would like to encourage customers to record queries with our service team so that we can respond directly to specific customer concerns. Maintel service desk can be contacted at service@maintel.co.uk

Update 16/12/2021

Maintel continue to work with our key partners and will be notifying customer of Emergency Maintenance requirements as and when mitigation actions need to be applied. Please be aware that Maintel are prioritising systems that are at most risk and in particular any internet facing services, we will also engage direct with customers that have specifically raised tickets with our Support team regarding the Log4j Vulnerability.

If customers have further concerns regarding exposure we would advise them to consider completing vulnerability scans and that all endpoint management software is running the latest CVE-2021-4428 signature files. Maintel teams are working on our internal and ICON infrastructure to ensure that our customers and services are protected.

Announcement 14/12/2021

Announcement regarding the Zero Day exploit of the CVE-2021-44228 vulnerability. 

Maintel are working closely with all our key partners and vendors to ensure we keep abreast of updates and mitigation guidance. 

Specific information on the vulnerability can be found via the NCSC Link, the clear recommendation being that updates are applied as a matter of urgency or as soon as available. Customers should pay close attention to any internet-facing services that run Apache Log4j as they are at the most risk.

The protection of our customers and services is our top priority, more information will be provided as soon as possible