Staying safe and secure: Information about a critical vulnerability in the Log4j software and how it might affect you. (2-minute read)

Maintaining your security and business continuity has always been Premier Choice Groups top priority so following last week’s news, we wanted to explore this further and inform you of the impact, actions taken and ongoing risk mitigation.

What is the Log4j and why is it now vulnerable?

Log4shell is a critical vulnerability in a very common software package used by developers and server applications. The vulnerability means that an attacker can execute code on any system that is using Log4j.

The National Cyber Security Centre have said:

Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.

Will this affect me?

Checking of internal Premier Choice Groups systems has been completed and patches applied where necessary. We will continue to work with software and hardware vendors to ensure we apply the latest mitigations and have the most up to date security information available.

We are pleased to say that the following software is either not vulnerable or has been patched and is therefore no longer a concern;

  • DrayTek Products
  • Panasonic/LG PBXs
  • PCG Core Network (Including PWAN and Data Network)
  • SIP Carriers (BT/Horizon)
  • Datto RMM (Used for Remote Services)
  • Call Reporting/Call Recording Components
  • Core Operational systems used to place orders and Manage Billing
  • Amazon Web Services
  • Our CRM

What next?

In summary, all of the major systems that we implement have either been patched or are unaffected. However, if you use any bespoke software that you are concerned could be vulnerable, please either contact the software vendor directly or contact our support team by calling 020 8300 9495 or emailing support@premierchoicegroup.com.