EoL Systems Stonewalling Log4j Fixes for Fed Agencies
January 7, 2022 – Published on Threatpost
End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, says GuidePoint Security’s Matt Keller, Vice President of Federal Services.
Last month, federal agencies were given a Christmas Eve deadline – Dec. 24 – to address the “extremely concerning” Log4j and other vulnerabilities.
Nobody said it would be easy.
Besides the difficulty of tracking down all instances of the ubiquitous Apache logging library, the job of patching the flaws has been further complicated for many agencies by end-of-life (EoL) and end-of-support (EoS) systems connected to the network.
Keller told Threatpost that many agencies are unable to patch Log4j, et al., due to network-connected EoL and EoS systems: an issue that’s further complicated by pandemic-wrought supply chain delays and remote-work issues.
Because of all these snafus, Keller has found that agencies are relying on command-line scripts to find affected systems. They’re also constructing tiger teams (specialized, cross-functional teams brought together to solve or investigate a specific problem or critical issue) to tear into the monumental workload.
Between technology issues and travel restrictions/shipping delays involved in replacing these systems, Keller predicts that agencies are months away from being able to address Log4j.