General Advisory: Log4j Vulnerabilities

Apache has released critical security updates for Log4j to fix a Remote Code Execution (RCE) vulnerability being tracked as CVE-2021-44228 as well as two other related vulnerabilities being tracked as CVE-2021-4104 and CVE-2021-45046.

These vulnerabilities are known to be exploited in the wild.

System administrators are urged to apply updates immediately to avoid potential exploitation.

Important links:
CISA Apache Log4j Vulnerability Guidance
Microsoft Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
Apache Log4j Security Vulnerabilities

Splashtop is NOT vulnerable to this potential security risk:
Splashtop Status Report for Log4J Vulnerabilities
Splashtop Support: Is Splashtop affected by Apache Log4j?