At Proofpoint, as in many organizations, it’s been an all hands on deck exercise since details emerged around CVE-2021-44228 (also known as Log4Shell). In situations like these, we bring together our global teams to identify and remedy any risks to customer environments as well as investigate any exposure we may have ourselves.
Once the Log4j vulnerability was disclosed and over the weekend, we posted guidance to our Communities site for Proofpoint customers and relayed status via our global support teams. However, given the serious risk and security community attention on this vulnerability, we’re posting our latest status as a public blog as well. Please see below for the full table for the details on the applicability of CVE-2021-44228 on individual Proofpoint products.
In addition, we always try to share our own work in detecting exploitation of vulnerabilities--especially one as widespread as Log4Shell vulnerabilities—for free. We’ve updated the Emerging Threats Open ruleset several times with additional signatures for Snort and Suricata, and it’s easy to get the latest via the instructions here.
We are aware of another vulnerability that impacts log4j2, CVE-2021-45046, as well as changes to the effectiveness of countermeasures. Remediation for these issues is complete.
We are aware of CVE-2021-45105 and CVE-2021-44832, which affect log4j2, and have assessed their impact/severity. Based on the currently available information, we plan to address these issues as part of our normal patch and vulnerability management processes.
We’ll continue providing updates first through our normal channels (Communities and Support), which should be consulted first, but will also keep this blog current. We recommend you check back frequently to confirm the latest status of our products. In the meantime, our thoughts are with all the security teams who are working nights and weekends to protect their organizations.
| Product | Status |
|---|---|
| Archiving Appliance | Impacted, remediation implemented |
| Archiving Backend | Impacted, remediation implemented |
| Cloud App Security Broker | Impacted, remediation implemented |
| Cloudmark Cloud/Cloudmark Hybrid | Impacted, remediation implemented |
| Cloudmark on Premise | Not Impacted |
| Content Patrol | Not Impacted |
| Data Discover | Not Impacted |
| DLP Core Engine | Not Impacted |
| Email Continuity | Impacted, remediation implemented |
| Email Fraud Defense (EFD) | Impacted, remediation implemented |
| Email Protection on Demand (PoD), including Email DLP and Email Encryption | Impacted, remediation implemented |
| Email Protection On-Premises (PPS), including Email DLP and Email Encryption | Impacted, remediation implemented. If your deployment is configured to manually apply patches, please reach out to support for help or to verify if the remediation was applied |
| Email Security Relay | Impacted, remediation implemented |
| Endpoint DLP | Not Impacted |
| Essentials Archive | Impacted, remediation implemented |
| Essentials Email | Not Impacted |
| Insider Threat Management On-prem | Not Impacted |
| Insider Threat Management SaaS | Impacted, remediation implemented |
| Insider Threat Management SaaS Endpoint Agents | Not Impacted |
| Isolation | Not Impacted |
| Meta/ZTNA | Not Impacted |
| Nexus People Risk Explorer | Not Impacted |
| Proofpoint Compliance Gateway | Impacted, remediation implemented |
| Secure Email Relay | Impacted, remediation implemented |
| Secure Share | Not Impacted |
| Security Awareness Training | Impacted, remediation implemented |
| Sentrion 4.4 or earlier | Not Impacted |
| Sentrion 4.5 | Impacted, remediation implemented -Please reach out to support for help or to verify if the remediation was applied |
| Social Discover | Not Impacted |
| SocialPatrol | Impacted, remediation implemented |
| SocialWare | Not Impacted |
| Targeted Attack Protection (TAP) | Not Impacted |
| Threat Response (TRAP) | Not Impacted |
| Web Security | Impacted, remediation implemented |
Impacted, remediation implemented = Proofpoint product used a version of the Log4j software identified as vulnerable in CVE-2020-44228 and Proofpoint has implemented the open source project's recommended mitigation
Impacted, remediation in progress = Proofpoint product uses a version of the Log4j software identified as vulnerable in CVE-2020-44228 and Proofpoint is in the process of implementing the open source project's recommended mitigation
Not Impacted = Proofpoint product does not use a Log4j version vulnerable to CVE-2021-44228
Is your organization protected from targeted attacks? Learn about Ransomware Attacks.