Forum Discussion
New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center
Microsoft continues our analysis of the remote code execution vulnerability (CVE-2021-44228) re...
We also are seeing this with SQL2019. What remediation does Microsoft suggest for this file?
C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
|
KLawrence510Apache Log4J 1.x versions are even more vulnerable, but not for this vulnerability. There are plenty of other vulnerabilities in 1.x versions. What Microsoft is trying to say, is that they use super old version with even more vulnerabilities, but they don't care, because it is not new and popular vulnerability :)))