The last thing that anyone who manages IT systems wants to hear about is a new vulnerability. At best an annoyance and at worst a full-fledged disaster, computer vulnerabilities pose a security risk to any online environment since they allow bad actors to breach systems and access classified data or perform unauthorized tasks.
Recently, a serious vulnerability was uncovered in the Java-based logging library Apache Log4j. In this article, we will go over what you should know about this vulnerability and what EveryonePrint is doing to ensure the safety of your printing infrastructure.
On December 9, 2021, a concerning vulnerability in the Java-based logging package Log4j was discovered by Chen Zhaojun from Alibaba’s Cloud Security Team. This vulnerability allowed attackers to deploy code on a remote server, an action known as a Remote Code Execution (RCE).
Since the discovery of this vulnerability, which you may also hear referred to as “Log4Shell”, “LogJam,” the “Apache exploit,” or the “Apache vulnerability,” bad actors have already made infiltration attempts in the millions. One of the most troubling parts of this vulnerability is that it leaves a window of opportunity so wide that even hackers of low skill levels can infiltrate.
The Log4Shell vulnerability is severe and has been given a rating of 10 by the Common Vulnerability Scoring System (CVSS), which is the highest possible score. It is a zero-day vulnerability, which means that hackers discovered it before internal teams knew its existence.
Like most cloud services, EveryonePrint’s Hybrid Cloud Print (HCP) service relies on Log4j version 2 to log software information and record application activity. This is a common practice by most companies worldwide that use cloud technology.
Thankfully, EveryonePrint has existing processes in place to deal with vulnerabilities. This, combined with the expertise of our efficient internal team, allowed us to react very quickly to the discovery of the Log4shell vulnerability. We have addressed this critical issue in update 3.18 of HCP. All partners who rely on our HCP secure printing software are strongly advised to update their gateways to 3.18 at this time.
All secondary HCP gateways can be upgraded remotely from the HCP admin web user interface. For customers relying on private cloud installation, it’s possible to do simple over-the-top upgrades. For more information on this and updating secondary gateways, refer to the HCP installation and configuration guide (must be logged into Partner Zone).
Important note for EveryonePrint mobile users: while EveryonePrint Mobile also relies on Java-based software, it uses a different version of Log4j (Log4j version 1). This version is not vulnerable to the Log4j security flaw, and we will keep our partners informed if a recommendation for updated changes.
Serious security vulnerabilities make the importance of a cloud-based managed print solution more apparent than ever. With options for remote management, high-security standard compliance, and secure pull printing, HCP from EveryonePrint remains the most valuable way to ensure that your printing infrastructure remains safe and out of the reach of potential hackers.
It is highly recommended that existing customers who are running HCP in private clouds or who have HCP secondary gateways update their print environment to protect sensitive information.
For those not running a cloud-based print system, your print environment is becoming more vulnerable with every print job. Reduce your risk by switching to the latest HCP version and take advantage of security features that keep your data safe from the Log4shell vulnerability. Start today with a free trial of Hybrid Cloud Platform (HCP).