Follow

Shields are deployed for customers against CVE-2021-44228

UPDATE: as at 10:39pm EST / 2:39pm AEDT / 4:23pm NZT

Following our earlier communication on the zero-day security vulnerability (CVE-2021-44228), as at 4:23pm NZT we’re confirming that for RedShield Cloud customers our engineers have deployed new shields across all of the applications we service for you ahead of schedule. Our team developed these new shields overnight and have fully tested their effectiveness against exploitation and you can be confident your apps are shielded from this vulnerability.

What’s next?
We would like to reiterate that this new vulnerability is of high severity and being actively exploited. We strongly advise checking your logs prior to this new shield being deployed. 

Remediating this vulnerability can be complex and take time. To immediately protect your other applications not shielded by RedShield - please log a P1 support ticket by calling the appropriate number below: 

North America +1 (844) 977 3303

UK & Europe + 44 118 324 2423

Australia +61 2 8880 0766

New Zealand +64 4 887 1117

For non-urgent support email support@redshield.co.

Thanks,
RedShield team




//////////////////


Why is RedShield notifying customers?

Earlier today we were notified by CISA, ACSC and CERTNZ of a far-reaching zero-day security vulnerability (CVE-2021-44228) that could allow for remote code execution by nefarious actors on a server, and which could impact online applications written in Java, and has already affected Minecraft: Java Edition, Apple, Amazon, Steam, Twitter, and more.

What are RedShield doing to protect against this vulnerability?
Our team has worked to quickly develop a shield for this specific vulnerability. We have since tested the efficacy of the shield and can confirm its effectiveness against exploitation of this vulnerability. We are currently in the process of deploying this new shield across all of the applications we service with RedShield Cloud and we estimate this will be completed within 24 hours from now. We’ll confirm once it has been completed.

For on-premise RedShield customers, we'll contact you directly to schedule shields updates which cover this vulnerability.

What can you do in the meantime?
We strongly recommend you review your logs for the last day as soon as possible as a precaution. If you have other applications using Java that are not yet in blocking mode behind RedShield that you would like this shield applied to urgently, please log a P1 support ticket by calling the appropriate number below:

North America +1 (844) 977 3303
UK & Europe + 44 118 324 2423
Australia +61 2 8880 0766
New Zealand +64 4 887 1117

For non-urgent support email support@redshield.co

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments