What Happened (in techy terms)?
On December 9, 2021, a security vulnerability in an open-source library called Log4j was made public. This library is in wide use within the global software community and is used to log events in the normal use of software, most often in Java-based applications.
If exploited, this vulnerability allows remote code execution on susceptible servers, giving an attacker the ability to import malware that allows them to take control of targeted systems.
This vulnerability is not unique to the software and hardware products that Spectrum supply and could therefore be present in other software that you use in your business. We encourage your internal team to examine the impact of this security issue on other software you may be using.
Some of our customers have reported that their IT teams have found references to the Log4j module in the various folder structures used by our products. These references must not be interpreted as a sign that the module is being used.
How Does This Affect You?
Following the news, Spectrum’s Digital and Print teams have worked closely with the suppliers of our hardware and software products to mitigate the use of Log4j within our product portfolio and found very few instances of the vulnerability.
However, we take even one instance of the vulnerability incredibly seriously, so if you are directly affected, we will know, and we will proactively contact you with further information.
Thankfully, in the vast majority of cases, the software and hardware solutions provided by Spectrum are highly unlikely to be materially affected by this vulnerability and so there is no need to contact our support team regarding Log4j.
As partners in your innovation and success, we will continue to monitor the situation and will keep you apprised of any important updates. In the meantime, rest assured that we’re on top of the situation.