New information has come to light as we continued our due diligence in testing the installation of the Utility, verifying that vulnerabilities have been eliminated, and confirming that Adept operations function as intended. Our recent findings necessitated an update to the Mitigation Utility, which we posted to the Synergis Customer Portal on January 6, 2022.

The updated Mitigation Utility package (Critical Security Update Log4j Remediation Tool_Update1.zip) now contains additional steps that must be performed on your Web server(s). Please download this updated package from the Synergis Software Customer Portal. The instructions are updated (beginning on page 6), and the new ZIP file includes version-specific DLLs you will use to apply the additional steps required on your web servers. Again, you must perform these further mitigation steps to remediate Log4J vulnerabilities on your network whether your Adept environment(s) have licensed Adept Web clients or not.

Here is the link to the Log4J Technical Bulletin
WINNERS OF THE FORUM SURVEY!!
$25 Amazon Gift Card Winners:
--Leslie Follows
--Andrew Hallas
--Simon Koh
--Micah Conner

Synergis Software Tee Shirt Winners:
--Peter Parker
--Adam Schettler
--Steve Buchanan
--Don Adams
--Raghuraman Rethinavelu
--Christopher Wood
--Andrew Nyberg
--Jay Lovelady
--Ronald Thompson
--Mike Moffitt
--Brian Cranston
--Bill Beard
--Steven Emborsky

Log4J Security Vulnerability

MLubowMLubow Administrator, Synergis Employees Posts: 44 Synergis Employee
Here is the information from the Product Management team to address the Log4j issue.

Comments

  • JTOME_SDROJTOME_SDRO Staff Moderator, Synergis Employees Posts: 4 Synergis Employee

    ALERT: We have temporarily disabled all Adept downloads until we post a patch for the issue discussed in the Adept Technical Bulletin shared above by Martha. We apologize for the temporary inconvenience. If you require assistance before the patch is available, please don't hesitate to contact Helpdesk. We appreciate your understanding.



    James Tome
    Synergis Adept Product Owner
  • MLubowMLubow Administrator, Synergis Employees Posts: 44 Synergis Employee
    Thank you, James.
  • JTOME_SDROJTOME_SDRO Staff Moderator, Synergis Employees Posts: 4 Synergis Employee
    UPDATE: 

    Synergis Software has developed and is currently testing and documenting a mitigation utility we will make available near term. It is comprehensive and addresses several Log4J issues. We will make it available to all our customers for de-risking installed versions of AutoVue products distributed with Adept on servers (the webserver) and workstations at our customers' discretion. It is a digitally signed executable that can run as a foreground app. IT staff may also deploy the EXE and script it to run in silent mode using command-line switches, should IT wish to automate running it across the enterprise. We are treating this as the top priority. As soon as we have posted the mitigation utility, we will be sending an updated Technical Bulletin to all of our customers.


    James Tome
    Synergis Adept Product Owner
  • JTOME_SDROJTOME_SDRO Staff Moderator, Synergis Employees Posts: 4 Synergis Employee
    edited December 2021
    Our teams have completed testing of our mitigation utility.  This Technical Bulletin supersedes the earlier bulletin (now removed) that Martha shared at the start of this thread.

    Customers may access the Log4J Mitigation Utility from the Synergis Software Customer Portal. It is designed to help you eliminate all currently known Log4J vulnerabilities.  Please contact helpdesk if you need any assistance.

    We hope the Log4J Mitigation Utility is helpful in your efforts to eliminate Log4J vulnerabilities in your organization.

    From all of us at Synergis Software, best regards and best wishes for the Holidays!


    James Tome
    Synergis Adept Product Owner
  • JTOME_SDROJTOME_SDRO Staff Moderator, Synergis Employees Posts: 4 Synergis Employee
    edited 4:30PM
    UPDATE:

    New information has come to light as we continued our due diligence in testing the installation of the Utility, verifying that vulnerabilities have been eliminated, and confirming that Adept operations function as intended.  Our recent findings necessitated an update to the Mitigation Utility, which we posted to the Customer Portal on January 6, 2022.

    The updated Mitigation Utility package (Critical Security Update Log4j Remediation Tool_Update1.zip) now contains additional steps that must be performed on your Web server(s).  Please download this updated package from the Synergis Software Customer Portal.  The instructions are updated (beginning on page 6), and the new ZIP file includes version-specific DLLs you will use to apply the additional steps required on your web servers. Again, you must perform these further mitigation steps to remediate Log4J vulnerabilities on your network whether your Adept environment(s) have licensed Adept Web clients or not.

    The previously released Technical Bulletin remains unchanged.

    To those of you who have contacted our Helpdesk in recent weeks inquiring about recommended mitigation practices and reporting issues along the way, we appreciate your time, effort, and patience as we navigate this unprecedented situation together. Situations like this illustrate the genuine cooperative nature of our relationship as we work together to protect your data in Adept. If you have follow-on questions or comments, please do not hesitate to contact Helpdesk.

    Wishing each of you a safe and prosperous New Year,
    Synergis Software

    P.S.  Please vote up this comment if you've read it as we're interested to know if this is an effective means of notifying the community of critical information.

    James Tome
    Synergis Adept Product Owner
Sign In or Register to comment.