Exploit Code Available for PwnKit Vulnerability (CVE-2021-4034)

Summary: On January 25, 2022, Qualys disclosed a PwnKit privilege escalation vulnerability (CVE-2021-4034) that affects the pkexec program installed by default on all major Linux distributions. Pkexec is a component of Polkit (formerly PolicyKit), which… More »

ESS Contact Update

As previously shared as part of ESS’s separation from Capita, ESS (Education Software Solutions) will be migrating all of their customers out of the Capita support tool and into the ESS support tool from 24… More »

Critical HTTP and Microsoft Exchange Server vulnerabilities – Remote Code Execution

Summary: On January 11, 2022, Microsoft released patches for critical and important remote code execution (RCE) vulnerabilities that could be appealing to threat actors. There are no reports of active exploitation as of this publication,… More »

Maintenance to NetSweeper Web Filtering

As part of ongoing performance improvements, we will be replacing some key equipment within the NetSweeper Web filtering infrastructure. In order to achieve this customers will see a period of outage while the change over… More »

Service Updates News
ESS Change to Customer Support Portal

Updated 12th Jan 2022 We would like to confirm some changes taking place with ESS and their support arrangements ESS will be making upcoming change to the system used to provide customer support, the go… More »

Service Updates
Further Update on Log4Shell Vulnerability (CVE-2021-44228)

Following on from the Log4j advisories sent 13/12 and 15/12, Apache has released version 2.17.0 of Log4j after discovering issues with their previous release, 2.16.   Summary:   Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from… More »

noPac Vulnerability (CVE-2021-42287 and CVE-2021-42278 ) 

Summary Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability combined with a Security Account Manager (SAM) spoofing security bypass… More »

Update on Log4Shell Vulnerability (CVE-2021-44228) 

As posted previously there have been a number of vulnerabilities to Log4j services based on an update to CVE-2021-44228 – Vulnerability, has now had major developments regarding the Log4j vulnerability since our last advisory. This update… More »

Log4Shell Vulnerability (CVE-2021-44228) 

Summary In the wake of the Log4Shell vulnerability - CVE-2021-44228, our support partner JISC have been monitoring network connectivity and looking for proactive ways to prevent exploitation.   It is imperative to take into consideration the entire infrastructure when responding… More »


Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners