1:45pm, 13 December 2021
TLP Rating:
Weakness in commonly-used software component being used by attackers.
A serious weakness has been discovered in a software component widely used by businesses and organisations.
The Java software component called Log4j has a vulnerability which means attackers can use it to illegally access systems and services. It features in many Java applications and services, and any businesses that use it could be at risk.
What to do
Prevention
CERT NZ strongly recommends businesses:
- update software as soon as possible, as attackers are already exploiting the vulnerability.
- contact their IT service provider or seek assistance from one. Request they check if you use Log4j , and make sure they apply the necessary updates to prevent your systems and services from being affected.
Please share CERT NZ’s Log4j advisory for IT professionals with your IT service provider, it includes information for them on what to look for and what updates to apply.
More information
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.