US cybersecurity center: government services must immediately patch log4j systems

Spread the love

The Cybersecurity and Infrastructure Security Agency, or CISA, has issued an emergency order requiring U.S. civilian government agencies and agencies to immediately patch log4j systems or take other measures.

Under Emergency Directive 22-02, US civilian government departments are required to assess whether systems with internet access are susceptible to log4j vulnerabilities. If these systems are indeed sensitive to this, then government departments must immediately install updates to counter cyber attacks, or take ‘other appropriate measures’.

Government bodies must implement these patches or other measures by Thursday at the latest. In addition, the services must report to the CISA what measures they have taken; they have until Tuesday 28 December to do this. Non-government organizations are also “highly recommended” by the cybersecurity agency to take immediate action.

CISA has collected a list of mitigation proposals from IBM Security, Cloudflare and Microsoft, among others, with which government departments can investigate measures. A GitHub list of affected devices and services can also be found here.

The emergency order is in response to active abuse of the log4j vulnerabilities, the agency said. CISA director says the log4j vulnerabilities pose an “unacceptable risk” to government network security.

You might also like
Exit mobile version