The Brandshelter Global IT/Engineering teams have been monitoring the ongoing situation with regard to Log4j since the disclosure of the ‘Log4shell’ exploit right after it was made public on 9 December 2021.
On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. More specifically, JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from remote servers when message lookup substitution is enabled.
The team has run an initial security risk assessment on our infrastructure and applications used by our Clients, and we believe that our services are not affected / cannot be exploited by this vulnerability. However, we continue to liaise with the specific vendors and teams so as to keep up with any new developments on that front.
Enterprise DNS Assessment
Neustar have investigated any potential exposure across all Neustar Security Services solutions related to this vulnerability and have determined no identified exposure to the vulnerability:
- UltraDNS portal, propagation and edge node systems – No identified exposure to the vulnerability
- UltraDNS Firewall – No identified exposure to the vulnerability
- UltraDDoS Protect and UltraWAF portal and mitigation systems – No identified exposure to the vulnerability
- UltraThreat Feeds – No identified exposure to the vulnerability
Neustar’s security and technical teams are continuing to monitor the situation as it progresses, and we will keep our Customers updated as we receive updates.
bandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.