US to issue ‘emergency directive’ ordering government agencies to fix critical software flaw

It’s one of the most urgent steps the Biden administration has taken to date to address the so-called Log4J software flaw, which U.S. officials this week said could affect hundreds of millions of devices around the world.
CISA officials said this week that no federal agency had been hacked using the vulnerability, but the emergency order is an effort to make sure of that by gathering a lot more data about the exposure of federal agencies to the problem.
Big tech companies, from Amazon Web Services to IBM, rushed to fix the vulnerability in their products and released guidance on how to patch the flaw for their customers.
The order goes further than a previous CISA directive because it requires agencies to deal with instances of Log4J that are not only directly exposed to the internet but that could also be deeper in agency networks.
Overnight Wednesday, the US Patent and Trademark Office shut down external access to its IT systems for 12 hours due to “serious and urgent concerns” about the vulnerability.
The Pentagon is taking “swift action right now to identify and mitigate vulnerabilities in Log4J by monitoring malicious cyberactivity and directing mitigation against potential exploitation,” Press Secretary John Kirby said Friday.
The Pentagon, he added, continues “to work with the Cybersecurity and Infrastructure Security Agency, CISA, on a whole-of-government response.”
This story was updated with additional details on Friday.
CNN’s Michael Conte contributed to this report.