On December 9, a severe remote code vulnerability was revealed in Apache’s Log4J , a very common logging system used by developers of web and server applications based on Java and other programming languages. The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous—and the latest updates for those server applications urgent.
Sophos has completed an investigation to determine whether Sophos products are impacted. Please review the Security Advisory for status of your products.
SophosLabs has deployed a number of IPS signatures for Sophos Firewall, Sophos Endpoint, and Sophos SG UTM that scan for traffic attempting to exploit the Log4J vulnerability. The Sophos Managed Threat Response (MTR) team is actively monitoring MTR customer accounts for post-exploit activity. Sophos XDR customers can use a query to help identify vulnerable Log4J components in their environment.
Given the severity and widespread nature of this vulnerability, customers are advised to verify the presence/usage of Log4J in all applications, systems, and services across their environment. Focus first on internet-facing services and follow any update instructions.
