This is the wording we got for the NORDUnet On-Premise installation. Anyone who asks their Zoom CSM should be able to get a similar response.
FAQ:
1. What happened?
• A new vulnerability in Log4j, an open-source Apache logging framework used by many companies, has been reported.
• We are following the recommended mitigation steps from Apache and patching any impacted systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
2. Is there any action that Zoom customers or users can take to protect themselves?
• The Zoom Security Team conducted a thorough investigation and believes Zoom Clients (including VDI and VDI plug-in) and On-Premise deployments (VRC, Meeting Connector, and Recording Connector) are not impacted.
• For our own infrastructure, Zoom is following the recommended mitigation steps from Apache and patching any identified systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
3. What is Log4j?
• Log4j is an open-source logging utility written in Java and distributed by the Apache Foundation.
• [It is an open-source logging API for Java.]
4. Do you use the Log4j tool in Zoom products or services? Which ones?
• [Log4j is commonly used by applications that are written in Java or heavily use other Apache products.]
• The Zoom Security Team conducted a thorough investigation and believes Zoom Clients (including VDI and VDI plug-in) and On-Premise deployments (VRC, Meeting Connector, and Recording Connector) are not impacted.
• For our own infrastructure, Zoom is following the recommended mitigation steps from Apache and patching any identified systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
5. Is Zoom vulnerable to Log4j?
• The Zoom Security Team conducted a thorough investigation and believes Zoom Clients (including VDI and VDI plug-in) and On-Premise deployments (VRC, Meeting Connector, and Recording Connector) are not impacted.
• For our own infrastructure, Zoom is following the recommended mitigation steps from Apache and patching any identified systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
6. What are you doing to fix this?
• Zoom is following the recommended mitigation steps from Apache and patching any impacted systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
7. What is the timeline to get a fix in place?
• Rest assured this issue is a top priority for our Security Team.
• They are following the recommended mitigation steps from Apache and patching any impacted systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
8. Are you vulnerable to this attack through your vendors / third parties?
• We are in active contact with our vendors and are deploying mitigations and patches as they become available.
9. Media reports suggest this vulnerability widely impacts the entire technology community. With that in mind, what are you doing to secure my data?
• Yes, Log4j is a commonly used software development utility leveraged by Java applications and other Apache software.
• Zoom is following the recommended mitigation steps from Apache and patching any impacted systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
10. Microsoft and other companies have already put fixes in place. If Zoom is impacted, what is taking so long?
• Zoom is following the recommended mitigation steps from Apache and patching any impacted systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.
11. Hasn’t Apache already released a fix? Can’t you just use that?
• Zoom is following the recommended mitigation steps from Apache and patching any impacted systems by updating to Log4j version 2.16.0 or implementing recommended mitigations.