N4L will be conducting backend maintenance for our core infrastructure between Saturday 12 April and Sunday 27 April, but there is no expected impact on services facing schools. In general, all upgrades that may cause an outage for school-facing services are done...
Advisory: vulnerability affecting PHP on Windows (CVE-2024-4577)
We’re aware of a vulnerability impacting Windows users. CVE-2024-4577 is a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows. Successful exploitation enables unauthenticated attackers to execute arbitrary code and can lead to complete...
Network outage around Motueka
We’re aware of an outage impacting some schools around Motueka. Our team is investigating the issues and working to resolve them. We’ll provide further details when we can. Update 4pm: The root cause has been identified and work towards restoring service is underway....
Phishing email scam circulating in some schools
We’re aware of a phishing scam circulating via email in some schools. You can see an example of what this email looks like below. The phishing email is crafted to appear legitimate, being sent from legitimate email addresses of schools and other New Zealand...
FortiClient Remote Access vulnerability
We’re aware of a Cleartext Storage of Sensitive Information vulnerability impacting FortiClient, a remote access solution used by some schools. The vulnerability impacts users on Windows and Linux devices that have updated FortiClient to version 7 (full list of...
Authentication bypass vulnerability impacting FortiOS and FortiProxy (CVE-2024-55591)
We’re aware of an authentication bypass vulnerability affecting ForitOS and FortiProxy. Attackers are exploiting this vulnerability by sending a specially crafted request to the administrative interface of firewalls. All N4L-managed firewall administrative interfaces...
Apache Struts critical vulnerability (CVE-2024-53677)
We’re aware of a critical vulnerability in Apache Struts 2, which is an open-source model-view-controller (MVC) framework for creating Java web applications. This is an 'Unrestricted Upload of File with Dangerous Type' vulnerability (CVSSv4 score of 9.5) that exists...
Encrypted Client Hello’s impact on Web Filtering
Encrypted Client Hello (or ECH for short) is a privacy encryption method that’s been enabled on some websites globally by third parties, which includes a very small percentage of websites used by schools. If a website has ECH enabled, it makes it difficult for N4L’s...
Issue impacting our Filtering Portal
Update 6 December: This issue has now been resolved and Filtering Portal should work as expected. We are aware of an issue impacting users when making configuration changes with our Filtering Portal (FortiPortal). The team is working to resolve this and we will...
End-of-life Chromebooks disconnecting from the network
We’re aware of end-of-life Chromebooks dropping off networks, impacting unsupported OS version users. This is a result of Google implementing their Auto Update policy. What you can do School’s IT support or IT providers need to remove the impacted device’s network...