Konica Minolta Responds To Apache Log4j Vulnerability - Updated 1/24/2022

To our valued clients:

You may be aware that Apache disclosed a critical vulnerability in Log4j, a commonly used Java logging library utilized by many forms of software. Identified as CVE-2021-44228, this vulnerability, if exploited, allows remote code execution on vulnerable systems, giving an attacker the ability to import malware that allows them to take control of targeted systems. This is a serious issue impacting a significant number of applications, as the library is commonly used by many Java installations.

Konica Minolta has tested and evaluated our internal applications and infrastructure, and we have remediated impacts to our externally facing systems. We are awaiting updates from our support vendors on tools used internally. Frequent updates to corporate security tools and heightened security monitoring have helped to minimize open issues and ensure our systems are secure. Additionally, an assessment of Konica Minolta-manufactured office multifunction products was completed, and since the Log4j library is not in use in our system architectures, none of the current or past Konica Minolta office bizhub MFPs, including the new iSeries products, are subject to this vulnerability. We have identified a firmware upgrade for various production print systems with the IC controller, which may be impacted if the controller is externally facing. Although the majority of these systems are behind a closed network, Konica Minolta technicians will be proactively reaching out to customers to schedule a service call to upgrade their firmware. Production print systems with the CREO and EFI controllers are not impacted. We are continuing to test our production and industrial print systems and recommend that you check this site for ongoing updates.

We are actively continuing to investigate any potential impact from third-party partner solutions. Some of our partners have provided updates for the following software applications:

Kofax Products and Apache Log4j2 Vulnerability Information
Papercut Log4Shell (CVE-2021-44228)
Pharos Products and Log4j Exploit
YSoft SafeQ6 Security Issue Reporting

Konica Minolta will continue to actively monitor this situation and the impact that this may have on any and all of our integrated technologies.

Our Depth Security offensive services team can help you to discover weaknesses, simulate real-world attacks and build better defenses for your business. If you have any questions or concerns related to the Log4j critical vulnerability, concerns with the security of your current environment, or would like remediation for your application infrastructure, please contact SolutionsSupport@kmbs.konicaminolta.us.


Sincerely,
Mike Lee
Senior Vice President
Chief Information Officer