Update 21 Dec 11.30am: Advisories around Log4J patches are constantly being updated with new patches being released. It is important to keep these up to date.
We recommend following the CERT NZ advisory for the latest Log4J updates and guidance.
Update 16 December 12:20pm: We’re continuing to investigate and reach out directly to schools that we believe are vulnerable or at high risk on what we can do to help protect them. Our team is working through the responses as quickly as possible.
We recommend following the CERT NZ advisory for the latest Log4J updates and guidance.
Update 15 December 12pm: We have investigated N4L systems and we have either confirmed that there are no vulnerabilities, or have mitigated any issues. At this time we don’t believe we have seen any impact on our systems and we believe all customer information remains secure.
We have also applied a block across the network on ports 443 and 80.
We do recommend patching your systems and limiting access to these until appropriate patches are in place. More technical information can be found here, which will continue to be updated as we learn more.
Original Update 14 December 9.27am: We’re aware of the Log4J vulnerability and are actively working with the Ministry of Education to understand what this means for schools and how we can help.
We’ll be in touch with more information as soon as we can, and continue to update this alert as we learn more.