CryptoStopper security engineers continue to monitor the Log4Shell vulnerability closely. Extensive testing has been completed and we have confirmed no Log4j vulnerabilities exist within the CryptoStopper ecosystem.
Ongoing monitoring and testing will continue. Any relevant updates will be posted here.
2021-12-10 Email Notification Sent to Partners
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). We are closely monitoring the situation and have not identified any systems within the CryptoStopper ecosystem vulnerable to the exploit.
All organizations using Log4j should update to version 2.15.0 as soon as possible. The latest version can be found at the Log4j download page.
Because of the widespread use of Java and Log4j, this is a serious threat to MSPs and software providers within the channel. Please verify that your systems and software providers are not vulnerable.