VIPRE Email Security: Is VIPRE protected against the Log4j vulnerability?

Info captured from Vendor's website here:

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability within Apache Log4j, a Java-based logging framework widely used across the industry. The vulnerability affects Log4j versions 2.0 up to 2.14.1 when a specific log message translator is enabled (as it is by default), but has been patched in version 2.15. This vulnerability is assigned the highest possible severity of 10, meaning it is severe, easy to exploit, and remotely exploitable.

VIPRE has undergone an extensive audit of our core product services and has determined that none of our services use vulnerable versions of Log4j with the vulnerable components accessible. At this time we can state that we are not aware of any possible risk to our infrastructure or our customers' data. As this situation is dynamic, however, we continue to investigate and are deploying defensive countermeasures in case the vulnerability turns out to be more extensive than initially reported.

Protecting Yourself From Risk

If your organization hosts any sort of publicly-accessible network services - such as websites or web applications - or even internal networked applications, VIPRE recommends that you conduct your own internal audit of infrastructure and software to identify any systems that might use the Apache Log4j2 logging framework. Remember that many applications include libraries and other components that might themselves include Log4j. Patch such applications or deploy mitigations as recommended by Apache: Log4j – Apache Log4j Security Vulnerabilities.

VIPRE solutions can help protect your infrastructure against attacks like this, for example if attacks are embedded in email attachments or attacks are launched against systems protected by Endpoint Security. Ensure that any deployed VIPRE security solutions are fully up to date along with any security definitions used by VIPRE products.