The log4shell vulnerability – What to know

UPDATE (Dec 20th, 2021): Yet another update has been released: NoTouch Center 4.5.246 with log4j 2.17.0, which also addresses CVE-2021-45105. We will continue to monitor log4j and follow its updates in an extremely timely manner.

UPDATE (Dec 15th, 2021): Another update has been released: NoTouch Center 4.5.233 with log4j 2.16.0, which also addresses CVE-2021-45046. That issue is far less severe and only applies in specific non-standard configurations. Nevertheless, we suggest updating.

A new security flaw is all over the news – “log4shell” (CVE-2021-44228), affecting (not only) Internet giants like Twitter and Apple. The culprit is a certain line of code in the Apache log4j package, a widely used open source Java logging utility. NoTouch Center 4.5.231, released December 11, 2021, and all future versions contain log4j 2.15.0 (or newer), the updated version that is definitely not susceptible. When NoTouch Center runs in a properly up-to-date Stratodesk Virtual Appliance, it seems that actual, malicious Remote Code Execution is not possible because the Java version in use, 11.0.x, has that disabled by default. Nevertheless, Stratodesk strongly recommends updating to NoTouch Center 4.5.231.

NoTouch OS does not use log4j at all; furthermore a Virtual Appliance in Cloud Xtension mode also doesn’t use log4j.

A quick mitigation is to update the Virtual Appliance to 1.0-657, which applies a mitigation technique based on the log4j.formatMsgNoLookups=true setting. In other words, if you don’t want to update NoTouch Center right away, please ensure you are running 1.0-657 as per Updating the Virtual Appliance Software (KB) – this is quick and painless and available regardless of subscription status.
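To check other Java software on your network against the same version thresholds, the following added example (not Stratodesk code) walks a directory for log4j-core jars and reports which of the three CVEs named above each one still leaves open. It assumes the jar keeps its standard `log4j-core-<version>.jar` file name; the function names and the 2.10.0 lower bound for the formatMsgNoLookups setting are additions that do not come from this page.

```python
import os
import re

# Fixed-in versions as stated in this advisory (main 2.x release line only;
# backport branches such as 2.12.x are not modelled and are flagged conservatively).
FIXED_IN = [
    ((2, 15, 0), "CVE-2021-44228"),
    ((2, 16, 0), "CVE-2021-45046"),
    ((2, 17, 0), "CVE-2021-45105"),
]
# Assumption from upstream log4j: formatMsgNoLookups is only honoured from 2.10.0 on.
NOLOOKUPS_MIN = (2, 10, 0)
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?\.jar$")

def parse_version(jar_name):
    """Return (major, minor, patch) from a log4j-core jar file name, or None."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def open_cves(version):
    """CVEs from the advisory that this log4j-core version does not yet address."""
    return [cve for fixed, cve in FIXED_IN if version < fixed]

def nolookups_effective(version):
    """True if setting formatMsgNoLookups=true has any effect on this version."""
    return version >= NOLOOKUPS_MIN

def scan(root):
    """Walk root and report every log4j-core jar with its open CVEs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            version = parse_version(name)
            if version is not None:
                findings.append({
                    "path": os.path.join(dirpath, name),
                    "version": version,
                    "open_cves": open_cves(version),
                    "nolookups_effective": nolookups_effective(version),
                })
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    import sys
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f["path"], ".".join(map(str, f["version"])), f["open_cves"] or "up to date")
```

Copies of log4j bundled inside WAR files or fat jars are not visible to a file-name scan, so an empty result does not prove absence.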
