What is the Log4j vulnerability?

In December 2021, a number of vulnerabilities were reported in Log4j. Log4shell is a critical vulnerability in the widely-used logging tool Log4j, which is used by millions of computers worldwide running online services. For more details on the vulnerability please read the NCSC article.

Are Liftshare’s services affected by the Log4j vulnerability?

We have reviewed all customer servers and found no instances of this current threat. Liftshare’s bespoke web applications do not use Log4j software and are therefore unaffected.

Liftshare has verified that we do not have any internal systems or software products affected by these vulnerabilities.

Liftshare continues to monitor news and responses from our 3^rd party cloud providers Microsoft Azure and Email service provider Sparkposts related to Apache Log4j disclosed on 9 Dec 2021.

Microsoft is not aware of any impact on the services used to host Liftshare’s services and apps. Microsofts Azure App Service and Functions do not distribute Log4J in the managed runtimes and Liftshare services are hosted on Windows Managed App service. At this time the Log4j vulnerability does not pose a threat to Liftshare’s website or services, but we continue to monitor Microsofts advise.

3^rd Party Vendors response

Microsoft – cloud hosted services
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Sparkposts – email services
https://www.sparkpost.com/blog/sparkpost-log4j-vulnerability/