VQ’s Monthly News – June

Welcome back to the VQ newsletter. This time we reflect on a successful trip to Cisco Live in Las Vegas, look ahead to Cisco Impact in August, and we highlight exciting features on the way with VQCM 3.10.

Read on for:

  • VQ’s latest trip to Cisco Live, and what’s next
  • VQ CEO Mike Horsley shares his Cisco Live experience
  • ThunderCat hosts the VQ team on its recent webinar
  • A new Cisco Black belt Stage 3 guide
  • And much more

What’s new at VQ?

Celebrating the Cisco community in Las Vegas

For the first time since 2019, Cisco Live took place in-person with 6 members of the VQ team flying out to Las Vegas.

On both our stand, and meeting room, we were back-to-back in meetings with partners and both existing and potentially new customers.

Read more from VQ’s CEO Mike Horsley on how the week went….

“Cisco Live was a blast. It’s always great to be in Las Vegas just because it’s so different from the very green and English everyday of living about 90 minutes west of London.

The scale of the Cisco Live events is always really impressive and there’s always quite a kick being on the Cisco side of the floor.

We’ve been back about a week; the consensus is that we had a fantastic show. What was particularly nice was meeting all the people face to face that we work with as customers and partners. It’s felt like a long time and so it was really great to sit down, talk and share a coffee or beer.

Some of the highlights from the event:

  • A pre-production version of VQCM 3.10 was on our stand demonstrating our first version of DMA in the form of TMS Style Directory Services. Our demonstrations were very well received. We used a collection of Webex Pros and Minis connected back to our systems at VQ Towers in the UK. A surprising number of people hadn’t seen the Minis before and they were impressed.
  • Jon English wowed the crowd with his “TMS Replacement” presentation in the Collaboration Showcase.
  • We were back-to-back all week in the off-floor briefing room. DMA phase 2 (device configuration) looks like it hits the spot. The collective real-world, large scale, enterprise experience in the team of what worked in TMS and what didn’t (or was missing) resulted in some very in-depth discussions about DMA’s functionality and capabilities. Importantly, what we showed and how we answered survived the rigorous questioning and use case scenarios which was very pleasing.
  • One of our goals for the briefing room meetings was to validate future product thoughts and concepts which I’m pleased to say went well.

We went to Cisco Live with a sense of anticipation: how would it go and how would people react to the VQ 2022 story? The outcome: we had our best Cisco Live ever and the DMA/TMS Replacement addition to VQ Conference Manager is seeing very strong interest and order pipeline growth. We look forward to doing it again next year.”

Thank you to all of you who followed us along on our LinkedIn and Twitter accounts. If you missed out this time around, stay tuned to our LinkedIn page for more in the future.

Dive Deeper

The excitement doesn’t end there for our team.

Once wasn’t enough for the VQ team in Las Vegas this year, as we will be back at Cisco IMPACT during the 29th – 31st August.

We’ll be talking a lot more about VQCM 3.10 and what’s on the way for the rest of 2022 and beyond.

Did you know?

Existing Cisco TMS users can still get a 20% migration discount for VQ DMA until 31st October 2022 too (in partnership with Cisco).

Don’t miss out – email info@vqcomms.com to find out more.


Cisco Corner

Biggest and best this month

It’s been a busy few weeks for the Cisco and Partner community, so below are some highlights and news updates:

  • VQ’s Steve Holmes recently joined ThunderCat Technology for a webinar focused on how businesses can migrate from Cisco TMS to VQ DMA. Watch here to find out more.
  • Cisco have published a helpful blog post explaining VQ’s Stage 3 Black Belt training – enabling partners to unlock the full range of VQCM’s product offering.
  • Curious about what new content was on show at Cisco Live? Luckily, all the event’s best announcements have been curated under one roof here.

Inside VQ

A word from Giles Adams

Finally, here are some additional thoughts from VQ’s Business Development Director, Giles Adams, on his Cisco Live 2022 experience:

“Echoing Mike’s words, it was fantastic to see the reception at Cisco Live for the product we’ve created. VQ Conference Manager DMA (the Cisco TMS replacement), really resonated with our audience. Interest was strong and we look forward to seeing our growth in pipeline translate into new business. Make sure you watch this space.”

US DOD Approved Product List announcement – June 2022

When we started out on the VQ journey, we had some ideas on what we’d do, why it would be useful and from that, why it’d be a good thing to do.

We never imagined we’d have some of the customers we have today. It’s truly remarkable who uses our software.

So, in a journey that’s consisted of a sequence of remarkable events, I’d like to let you know of the next one…..

VQ Conference Manager 4.0 has been added to the US DOD Information Network Approved Products List (“APL”).

https://aplits.disa.mil/processAPList.action

From the vendor list, you can now select VQ Communications. How brilliant is that?

This represents a huge amount of work that’s taken place over the last 18+ months by the VQ team and the DOD test teams. We’ve had amazing support from Cisco and their guidance helped us negotiate the process successfully.

With the APL grant made, we’re going to tidy up a handful of bugs and release VQCM 4.0 shortly. From a functionality point of view, VQCM 4.0 has the same functionality as VQCM 3.9.2. Our focus has been to get APL and it’s taken a lot of effort over a long period. The DMA functionality that’s about to appear in VQCM 3.10 is not in the first version of VQCM 4 but, rest assured, it’s coming and we’ll be working with the DOD test teams in terms of following the correct APL process.

Thanks again for being such great customers and take care.

Mike

VQ Conference Manager Device Management and Automation (DMA) and Approved Product List (APL) Update – June 2022

DMA or, giving it its full name, VQ Conference Manager DMA will be introduced in VQ Conference Manager 3.10. The great news is that 3.10 is heading towards completion with a release date of late July. In case you are wondering, DMA is an abbreviation for Device Management and Automation.

Device Management and Automation (DMA)

3.10 contains TMS style Directory Services and Address books. The VQ team continues to grow and our ability to attract incredible people never ceases to amaze me; over the last 18 months or so, we’ve added experts in designing and deploying video/UC services at a massive scale. That expertise includes what worked, what didn’t and what was missing from TMS. That expertise and experience has been central to the design of DMA and the requirement for tooling to help customers migrate their data from TMS.

In 3.10, we’re releasing the first version of DMA. We think it looks pretty good; it contains features we think you’ll really like and it’ll make your life easier.
 
With Directory Services released in 3.10, we move on to Device Configuration which will appear in 3.11 in a few months’ time.

VQ Conference Manager 4.0

JITC approved and FIPS compliant

For our customers in Defence and Government, we’re now in the final stages of JITC approval testing of VQ Conference Manager 4.0. At the time of producing this video, we’re literally days away from testing completing and US Department of Defence Information Network Approved Product List status being granted mid-to-late June. Our fingers (and everything else) are crossed and we hope no last minute issues are detected.
 
Conference Manager 4 is a big deal. Its unique in that it’s the only CMS management solution that’s on the DOD APL list; its FIPS compliant. Very cool stuff like HA and native Cloud are designed in and are now just over the horizon. All the VQ goodness from 3.9 are in 4.0 and 4.1 will contain DMA.

What’s next

Moving beyond DMA and APL, the next wave of VQ funk is lining up. Next generation end-user UIs, WebRTC solutions, MS Teams integration and secure participants are well down the development pipeline and heading your way.
 
If you have any questions or would like to discuss any aspect of the product or our roadmap, please mail me via mike@vqcomms.com and we can setup a meeting.

Thanks again for being such great customers.
 
Regards

Mike

VQ’s Monthly News – May

It’s time for another VQ Communications newsletter where we look ahead to Cisco Live in Las Vegas and Integrated Systems Europe in Barcelona, the VQ team discuss their recent trip to Washington DC, and we cover what’s happening in the Cisco community.

Read on for:

  • VQ’s upcoming trips to Barcelona and Las Vegas
  • Steve Holmes joins the Webex Partner Podcast
  • Giles Adams shares his thoughts on his trip to Washington DC
  • Our latest webinar exploring all the features in VQCM 3.9
  • And plenty more

What’s new at VQ?

The VQ team are preparing for ISE and Cisco Live

We’re excited to return to in-person events, including Integrated Systems Europe conference in Barcelona on the 10th – 13th May, which Steve Holmes will be attending.

We have a bunch of fantastic features we’re eager to discuss, including VQCM’s DMA and how it’s the ideal landing spot if your business is migrating from Cisco TMS. If you want to meet up with Steve at ISE, he’s set up a Calendly event which you can access here. He’ll be in contact with you to confirm a location.

Fancy a preview? Watch VQ Communications CEO, Mike Horsley, give the rundown on DMA.

Cisco Live is also rapidly approaching – the first in-person Cisco Live in two years. Taking place on 12th June – 16th June in Las Vegas, you can register to attend online or in-person your interest here. Our calendars are booking up quickly so let us know if you would like to meet at the event.

APL Update

Getting closer……The process of getting US DOD Information Network Approved Product List approval continues. One of the key milestones has been achieved and VQCM 4.0 based on RHEL 8.5 is progressing through its testing. We’ll update you again next month.

Dive Deeper

VQ Communications Vice President of Sales, Steve Holmes, recently sat down with the team at Webex for their partner podcast.

On the podcast the speakers explore the development of VQ Conference Manager, how DMA will support migration from Cisco TMS, as well as some hints to exciting future features.

Check out the full podcast on Webex’s YouTube channel

Existing TMS users can still get a 20% migration discount for VQCM DMA until 31st October 2022 (in partnership with Cisco). Don’t miss out, email info@vqcomms.com to find out more.


Inside VQ

A word from Giles Adams

VQ’s Business Development Director, Giles Adams, shares his thoughts on a recent trip to Washington DC with Steve Holmes:

“It was fantastic getting out to meet customers and partners, while mixing in a bit of sightseeing for our business trip too. We had a lot of great, productive discussions with people about what’s coming over the next few months. 

We were conscious that technology migration can be daunting, but were really pleased with how receptive people were, especially after we reaffirmed the benefits of DMA. ISE and Cisco Live are right around the corner, so it’ll be great to answer more questions during those trips.”

Cisco Corner

Biggest and best this month

Looking for some reading material? We highlight interesting content from the Cisco community and our own news-in-brief updates.

  • Our new reworked Analytics platform is here to provide you with faster, more intuitive data. Read more here.
  • Looking to demo VQ Conference Manager to your customers? You can now schedule a VQ Conference Manager demo session in Cisco’s dCloud environment. Go to dCloud, click on Catalogue then search for VQ. Additional resources include the VQ Conference Manager Demo Guide in both pdf and video formats.
  • Curious about the other VQCM 3.9 features like One-Button-To-Push? Watch our recent webinar running through all the new additions.
  • Cisco’s President of EMEAR, Wendy Mars, recently shared her thoughts on how technology and the wider Cisco partner community can work towards net zero.

VQ’s Monthly News – March

Welcome to another VQ Communications newsletter. This time we have an overview of VQ Conference Manager’s TMS replacement, share details on our next webinar and highlight the VQ team’s upcoming trips to the US.

Read on for:

  • VQ’s TMS replacement – VQ Device Management and Automation (DMA)
  • Our upcoming webinar on how you can introduce VQCM to your customers
  • Steve Holmes and Giles Adams are visiting Washington DC – fancy a coffee?
  • Some thoughts from VQ’s Vice President of Sales
  • And plenty more

What’s new at VQ?

VQCM 3.9 is here, but what does that mean?

If you’re looking to migrate from Cisco TMS, VQCM’s DMA is the answer. A constantly evolving suite of powerful features, such as One-Button-To-Push and improved Directory Services, are just some of what you can look forward to.

Watch here as VQ Communications CEO, Mike Horsley, walks you through everything.

Don’t miss your 20% migration discount for existing TMS customers until 31st October 2022 (in partnership with Cisco). Email info@vqcomms.com to find out more.

Dive Deeper

In our upcoming webinar we delve into the benefits of including VQ Conference Manager in your Cisco Meeting Server proposals, VQCM customer use cases and practical advice such as order placement and licensing models.

We will also provide a rundown of useful resources such as Cisco’s Blackbelt Academy, further details of our TMS replacement and migration offer, and upcoming plans for Cisco Live US.

Please note this webinar is for Cisco and Partners only.


Cisco Corner

Cisco Live 2022

Biggest and best this month

Looking for some reading material? We highlight interesting content from the Cisco community and our own news-in-brief updates.

  • The VQ team is excited to see you at Cisco Live US, taking place in Las Vegas from 12th June – 16th June. You can get all the details and register here.
  • In partnership with Cisco, our Stage 3 Black Belt training is live here!
  • We hosted a webinar for our TMS replacement – catch up on-demand here to find out how DMA will manage and secure your Cisco environment
  • Steve Holmes is flying out to Dubai and Saudi Arabia in March, contact Steve if you’re interested in meeting.
  • Giles Adams and Steve Holmes will be in Washington DC from 3rd April – 8th April, contact Steve on sholmes@vqcomms.com if you’re interested in meeting.

Inside VQ

VP of Sales Steve Holmes


A word from Steve Holmes

VQ Communications Vice President of Sales, Steve Holmes, shares his excitement for the promising months ahead:

“We’re fully on the road for 2022, and already we’re seeing a semblance of the old normal come back. Between an upcoming trip to Washington DC this April and Cisco LIVE in the summer in Las Vegas, everyone at VQ is feverish to meet partners and customers in person.

The sunny escape from the inconsistent British weather is an added bonus too.

Beyond those trips, we can’t wait to share some juicy details for the future of VQ’s Conference Manager, with information on our JITC validated 4.0 update coming soon.”

Steve Holmes

VQ’s Monthly News – February

Welcome to the VQ Communications newsletter. In this edition, we cover VQ Conference Manager’s 3.9 release, share some recent webinars and highlight the key features for our TMS replacement in partnership with Cisco.

Read on for:

  • VQ Conference Manager 3.9 launch, packed full of improvements and new features
  • We held webinars on our new revamped Analytics and 3.9
  • Cisco presented VQ’s TMS replacement – VQ Device Management and Automation (DMA)
  • Our upcoming webinar on DMA and its features
  • We’re coming to the Middle East and US – say hello to Steve Holmes & Giles Adams
  • Some thoughts from VQ’s CEO, Mike Horsley

What’s new at VQ?

VQCM 3.9 is here, but what does that mean?

We’re excited to have recently released VQ Conference Manager 3.9. Below are some highlights:

  • One-Button-To-Push a quick and straightforward way of scheduling and joining meetings.
  • Pane Placement and layout management gives operators precise control over meeting layouts, ensuring each participant is right where they need to be.
  • Analytics has been overhauled – who doesn’t like better analytics, after all?

VQCM is constantly evolving, and 3.9 is a big leap forward for our users. We’re always looking ahead to the future and with our next version we plan to implement new Directory Services and much, much more.

Dive Deeper

Looking to upgrade from Cisco TMS? Here is a handy overview of all the features VQ’s DMA replicates and builds on, which Cisco recently presented at their Collaboration Specialist Training event.

In partnership with Cisco, VQ is offering a 20% migration discount for existing TMS customers until 31st October 2022.

Get in touch with info@vqcomms.com or join our ‘ask VQ’ Webex Space to find out more.


Cisco Corner

VQ Black Belt Training

Biggest and best this month

Looking for some reading material? This section highlights some of our favourite content from the wider Cisco community as well as our own quick-fire news updates.


Inside VQ

CTO Mike Horsley

A word from Mike Horsley

VQ Communications CEO, Mike Horsley, reflects on an energetic few months, as well as the road ahead:

“Sometimes it feels like VQ is a bit like a swan swimming through water; above the water, somebody looking on sees a serene bird effortlessly gliding across the water. Under the surface, the Swan’s legs are going gangbusters.

2021 was a bit like that in the legs department. We managed to release 3.7 and 3.8 and get all the preparation work done for 3.9 (released Jan 2022). Behind the scenes, some really interesting and long running activities have been drawing towards conclusion.”

Read Mike’s full blog for more details.

Some thoughts from VQ’s CEO

Sometimes it feels like VQ is bit like a Swan swimming through water; above the water, a somebody looking on sees a serene bird effortlessly gliding across the water. Under the surface, the Swan’s legs are going gang-busters.

Yep, 2021 was a bit like that in the legs department. We managed to release 3.7 and 3.8 and get all the preparation work done for 3.9 (released Jan 2022). Behind the scenes, some really interesting and long running activities have been drawing towards conclusion.

Device Management and Automation (“DMA”) is the name we’re giving to the functionality we’re adding that will enable customers to migrate from Cisco’s TMS onto VQ. We already have scheduling, an API and first generation OBTP. Next step is to add TMS style hierarchical Directory Services and Address Books (TMS Phone Books) which should release sometime in the April time-frame. With that done, we move onto device configuration which will enable administrators to configure and manage their Cisco endpoint fleet. The “Automation” in DMA covers tasks that are currently done manually and consume way too much time of expensive experts.

APL – For about the last 15 months we’ve been working to get VQCM certified for use by the US Department of Defense and on what’s called the “Approved Product List” or APL. Getting onto APL makes it much easier for DOD and Government agencies to buy and deploy products. As you can probably imagine, this is not a simple or straightforward task; speaking personally, I’ve been amazed at the number of people involved and also really impressed at how the process works; the incredible help we’ve had from the testing teams and the compliance team at Cisco. The result of all of this work is VQCM 4.0; VQCM 4.0 is based on Red Hat’s Enterprise Linux 8.5 and is JITC compliant. VQCM 4.0 should go into the testing labs on or around March 25 and the result of that should, a little later, be APL status.  In terms of functionality, 4.0 is VQCM 3.9.1 on the new RHEL stack. It also features a new CM-Admin and is High Availability capable (we’ll focus on APL and single node initially). Watch out for more information.

Scaling might sound like an odd one to get excited about but, trust me, it is. Currently, we have a limit of about 750 users concurrently logged into the UI at any point in time. Over the next couple of releases, changes going into 3.10 get built upon on that will enable us to support thousands of logged in users. The big enabler being the changes going into 3.10.

Outlook Plug-in – The Outlook Plug-in is receiving some serious love supported by changes in 3.8 and 3.9. We’re in late-stage acceptance testing by the launch user of the updated plug-in. Once they sign it off, we’ll make it generally available. To see it in action, have a look at this video.

Broadway – Broadway is the internal name for our next generation interface for end-users. Cross-platform, language enabled and accessibility “out of the box”, the intention behind Broadway is that it gives us a single UI framework that can be used multiple times. So, for example, it might replace the Outlook Add-in or be used as a Web UI or packaged to be a native Windows, Mac, iOS or Android application.

I’ve presented quite a list of what’s going on at VQ Towers.
If you put all the details to one side, the take-away is that VQCM is becoming an amazing platform for creating and delivering video (or UC) services. We’re painting a picture of where we’re going; we’d really love to bring you along on the ride.

VQCM Training – Before concluding, I’d also like to give you a heads-up on some exciting work that’s currently underway in the world of VQCM training. Our training courses hosted by our training partner, Scott Waschler (TEKnowLogical Solutions) get rave reviews; our Data Scientist lead, Ethan, is working with Scott to put together a Kibana Analytics training course based on the new dashboards introduced at 3.9. The objective being to get a really good, high quality course that gets the contents of Ethan’s head into the broader VQ community.

Cisco Live Las Vegas – Finally, we’re lined up for Cisco Live in Las Vegas for the week June 10-16. We’re on the Cisco Collaboration stand so will be in the thick of things. We also have an off-stand private suite for meetings and NDA presentations. The attending team will include sales, engineering and product management (DMA, Broadway and overall). Expect to see some new faces. We’ll be showing what you can buy now, our roadmap and ideas and be there to talk about what you need going forwards.  Hotel and flights booked – Vegas here we come, and we’d love to catch-up face to face. It’s been two years and we’ve really missed it.

Join our Webex Space or email us at info@vqcomms.com to find out more.

VQ Conference Manager 3.9 Released

VQ Conference Manager 3.9 released mid-January and takes us forward in a number of key areas:

  1. One-Button-To-Push (“OBTP”). OBTP is something customers love and it’s been on our “to-do” list for a long time. OBTP follows on from Recurring Meetings and the public API; we now offer 3 of the key TMS features that will enable customers to migrate away from TMS.
  2. Pane Placement/Layout management. Key for concierge services, Pane Placement allows the positioning of participants in specific video panes.
  3. We’ve completely restructured the reporting dashboards with a very contemporary looking, clean, update. We’re particularly pleased with how visual they are; a lot of information is conveyed quickly and easily. Customer feedback from during the development process was incredibly positive. Not only do they look great, they’re also blistering quick. A lot of backwards and forwards took place between our engineering team and the engineers at Elastic. The results are stunning.

Watch our VQCM 3.9 Release Webinar here

VQ Conference Manager 3.9 is exciting because it adds some great new features. In my mind, however, it’s even more exciting because it’s the next step in a sequence that concludes with a full set of TMS replacement functionality. At VQCM 3.10 (April, 2022 time-frame), we add TMS style Directory Services and at VQCM 3.11, we’ll add device management (device configuration templates). 

The excitement is therefore that things are slowly but surely dropping into place and customers will have a secure, scalable, solution that enables them to deliver video conferencing services with end-to-end control. All based on best of breed, modern, software technology and components.

If that wasn’t brilliant enough, a lot of hard work in 2021 means the following are now just below the surface:

  • A JITC compliant version of VQCM based on Red Hat Enterprise Linux (RHEL) 8.5. This is due to go into US DOD cyber scan testing in Q1 2022. The first version will be single node but HA will follow on.
  • A multi-language capable end-user centric user interface.
  • Something called “Call Gate” and “Identity Assured Participants”. We’re about to demo the concept for the first time. If you think it sounds interesting, let us know and we can do private demos. If you’d like to take a guess of what it is, we’ll give* VQ Sweatshirts for the most accurate or interesting answers.

That just leaves this small thing called the Cloud. As 2022 unfolds, we plan to “unleash the beast” and rather than run VQCM under Kubernetes in a VM on VMWare, we’ll take VQ and run it under Kubernetes natively on a cloud service such as AWS. We ran the concept last year and it was surprisingly painless. Our focus then switched to the RHEL version of VQCM. The plan is to repeat the process and take the RHEL version of VQCM, run the playbooks and have it alive and kicking under AWS. ”Look, no-hands” or more importantly, no VMWare. Anybody interested in running a secure version of VQCM on, for example, a secure Cloud? Answers on a postcard please.

Looking forward to a great 2022

Mike

* Limited Supply. Allocated in an entirely arbitrary manner.

VQ’s 2021 End of Year Review

VQ Advisory. December 15, 2021: CVE-2021-44228 status update

Following the recent critical CVE issue with Log4j (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) a second, lower severity CVE was made public December 14, 2021 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046). This second CVE is not mitigated by the previously provided mitigation script, however it is important to note that this is a separate issue to the one initially disclosed and has a much lower severity rating at the current moment.

Current advice from Elasticsearch (ES) regarding this new CVE and the mitigation previously provided indicates that it will still protect users against information leaks:

Update 15 December: A further vulnerability (CVE-2021-45046) was disclosed on December 14th after it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. Our guidance for Elasticsearch and Logstash are unchanged by this new vulnerability and we are currently working to assess other products in order to provide a clear statement.”

It is also worth noting that:

Details on Elasticsearch information leakage

The information leakage vulnerability in Log4j enables an attacker to exfiltrate certain environmental data via DNS – it does not permit access to data within the Elasticsearch cluster. The data that can be leaked is limited to those available via Log4j “lookups”, which includes system environment variables and a limited set of environmental data from other sources.


(https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476)

The threat from the Denial of Service (DoS) that this new CVE presents can’t yet be fully dismissed. However early reports of testing this attack vector have indicated that it has a lower impact and is considered a limited DoS:

“However, in our testing we did not find this DOS to be resource consuming as it seemed that the infinite loop created by recursively resolving ${ctx:apiversion} was identified by the program and errored out.” – https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/

Here at VQ Communications we are actively monitoring the situation and incoming CVEs. As many security analysts are predicting that this situation is far from finished developing we continue to advise caution in exposing of your VQCM virtual machines and APIs to the public internet. There is every chance that more details regarding these CVEs and as yet undisclosed issues will surface in the coming days or weeks. We advise a defensive posture until such point as customers can upgrade to the 3.9 release of VQCM (due January 17, 2022).

The following posts provided additional background information:

https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/

https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Summary:

1. The guidance from Elastic remains that the mitigation outlined in our mail yesterday still holds for the information leak. Apply the mitigation script if you haven’t already. When VQCM 3.9 becomes available in January (target Jan 17, 2022), update to VQCM 3.9.

2. Minimize public internet exposure wherever possible. If you do need to expose a public service, ensure only HTTPS ports are open and use a reverse proxy or equivalent.

We have added a link on the home page of vqcomms.com; it links to the latest status and all of our posts related to this CVE. 

The Mitigation Script and guidance to using it can be found here:

  • Navigate to the https://www.vqcomms.com/resources/ page, log in and download the “log4j2-cve.zip” file from the “CVE-2021-44228 Mitigation Script” category. A User Guide can also be downloaded.

regards

The VQ Team