Forum Discussion
SQL Sever and Apache Log4 vulnerabilities
We use SQL Server 2014 Management Studio, and SQL Server 2015 Reporting Services (SSRS?) on a server that is not owned by us. The operating system is Windows Sever 2012 R2.
I did not set up our SQL server.
An MS article I found says:
SQL Server (on Windows) – all editions
Note: If a customer installs Java support and deploys Java Archives (JARs) that depend on the Log4j 2 library, they are advised to upgrade to the latest version or remove the Java Archives (JARs) that require the dependency.
Source: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
How do I check if we have installed Java Support? How do I check if we use Java Archives (JARs)?
Appreciate any leads.
1 Reply
- I totally agree. I have the same issue, don't want to break MS SQL Server, either
