HSO is aware of active exploitation of a critical Log4j Remote Code Execution vulnerability affecting various industry-wide Apache products. This vulnerability is in the open source Java component Log4J versions 2.0 through 2.14.1 (inclusive) and is documented in Apache CVE-2021-44228.

Currently, HSO is not aware of any impact to the security of our product portfolio and has not experienced any degradation in availability of those services as a result of this vulnerability. In addition, we are following the information and guidance Microsoft is providing related to cloud business applications such as Microsoft Dynamics 365, Microsoft Power Apps, etc.

We advise our clients to follow the guidance, as updated from time to time, from Microsoft:

If you wish to engage further with HSO on this specific topic then please contact us.