New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Microsoft
 


Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center

Microsoft continues our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help customers detect, investigate, and mitigate attacks, as well as guidance for using Microsoft security solutions to increase resilience against related attacks. We will update this blog with information and protection details as they become available.

In addition to monitoring the threat landscape for attacks and developing customer protections, our security teams have been analyzing our products and services to understand where Apache Log4j may be used and are taking expedited steps to mitigate any instances. If we identify any customer impact, we will notify the affected party. Our investigation to date has identified mitigation steps customers could take in their environments as well as on our services.

3 Replies

@AshleyMartin Thanks for the article.

 

Is Microsoft planning on removing/patching log4j files in their products anytime soon? Just installed a SQL2019 server, which installs some old log4j files?!

We also are seeing this with SQL2019. What remediation does Microsoft suggest for this file?

 

C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

 

@AshleyMartin 

@KLawrence510 Apache Log4J 1.x versions are even more vulnerable, but not for this vulnerability. There are plenty of other vulnerabilities in 1.x versions. What Microsoft is trying to say is that they use a super old version with even more vulnerabilities, but they don't care, because it is not a new and popular vulnerability :)))