RIA: Estonian firms may be affected by Java-related vulnerability
The Java programming language contains a vulnerability which in theory could enable an attacker to take control of a server, the Estonian Information System Authority (RIA) says.
RIA as a result urges all agencies to check whether they may be affected by the vulnerability, which pertains to the Log4j library, rather than residing in the Java language itself, and take countermeasures where necessary.
Tonu Tammer, head of the cyber incident response department (CERT-EE) at RIA, said: "Businesses and public institutions should review Java-based services in their service portfolio. Check whether updates have been issued for the products you use. If so, do the updates quickly because they patch the critical security vulnerability."
This is especially important for systems that can be accessed online, he added.
"We have contacted the institutions and vulnerable services have now been closed. We will continue to assist the affected companies in every way possible and search for new cases," Tammer said.
"The more information we have about cases in Estonia, the better we can offer help and prevent threats," Tammer added.
The vuln is a global one and resides in Java's Apache Log4j logging library, BNS reports.
Potential vulnerabilities should be patched, while RIA recommends that companies that who fear they may have been compromised email the agency here.
Various servers have been affected by the vulnerability, BNS reports.
CERT-EE also exchanges information with partners around the world and monitors developments to prevent possible attacks, while temporary measures were taken Friday night at state agencies in Estonia.
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Andrew Whyte