Vircom update regarding CVE-2021-44228 (Apache log4j exploit)

Created by Yves Lacombe, Modified on Thu, 16 Dec 2021 at 02:29 PM by Yves Lacombe

We have done a complete inventory of all internal systems to our infrastructure and none of the systems are affected by the exploit.

The software we publish are written on top of the Windows stack so modusGate, modusMail, our system and the VircomPortal are not affected by this vulnerability.

The modusCloud platform is our branded version of Proofpoint Essentials.

An update was published by Proofpoint indicating that they have been patching their systems since disclosure.

Here's the official statement on their website:

CVE-2021-44228 - Java logging package log4j2

Dec 10, 2021

A critical remote code execution vulnerability affecting the popular Java logging package log4j2, CVE-2021-44228, was published on December 10, 2021.  The vulnerability is also referred to as Log4Shell.  Scanning and exploitation of the vulnerability began shortly after the vulnerability was disclosed.

Proofpoint issued an internal advisory for patching all affected production and corporate environments on the day the vulnerability was disclosed.  Additionally, we are conducting an internal investigation to determine if there is any impact.

We are actively monitoring for new disclosures regarding indicators of compromise and attacker tactics, techniques, and protocols. Updates to this notification will be made if there are any significant changes to the available information about the threat and will be available to customers by request.