Update: log4j Vulnerability

Catalyst Security and Operations teams have been reviewing and patching potentially vulnerable systems.

As at the time of this publication, no Catalyst systems, or any systems hosted or managed by Catalyst, have been compromised.

As we continue to monitor our and client systems, we are seeing attempts to exploit the vulnerability now that knowledge about it is widespread. We expect these attempts will only increase in frequency over the coming days.

Our current priority is to continue to monitor our systems, and where short term remediations were initially implemented, to apply longer term fixes. This work will continue over the next several days.

If you have specific questions about one of your systems managed by Catalyst, please contact your account manager.

More information about the vulnerability, and mitigations, is on the CERTNZ website:
https://www.cert.govt.nz/it-specialists/advisories/log4j-rce-0-day-actively-exploited/