Faronics products not affected by Log4j vulnerability.
Posted by Adam Zilliax on 13 December 2021 12:35 PM
On December 9th, 2021 a CVE was published that details a severe vulnerability in the Log4j framework. This vulnerability allows 3rd parties to run code on impacted devices allowing them to potentially take control over an impacted device.
Faronics was made aware of this issue and began a process of reviewing our systems to determine if anything was impacted by this issue.
Deep Freeze Cloud / Faronics Deploy
Neither the Deep Freeze Cloud nor the Faronics Deploy products make direct use of the Log4j framework.
While our service provider who hosts the Deep Freeze Cloud and Faronics Deploy applications does make use of these frameworks, all indications are that our service provider has patched against this vulnerability. We are continuing to monitor the responses from our service providers as more information becomes available and will implement any required changes to ensure that this vulnerability does not pose a threat to our customers.
Faronics On-Premise Products
Faronics on-premise products do not make use of the Log4j framework and no action is required at this time.
Please contact Technical Support (firstname.lastname@example.org) should you have any concerns.