cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

AshleyMartin
Microsoft

‎Dec 13 2021 09:55 AM

‎Dec 13 2021 09:55 AM

New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

 

AshleyMartin_1-1639417376781.png

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center

Microsoft continues our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help customers detect, investigate, and mitigate attacks, as well as guidance for using Microsoft security solutions to increase resilience against related attacks. We will update this blog with information and protection details as they become available.

In addition to monitoring the threat landscape for attacks and developing customer protections, our security teams have been analyzing our products and services to understand where Apache Log4j may be used and are taking expedited steps to mitigate any instances. If we identify any customer impact, we will notify the affected party. Our investigation to date has identified mitigation steps customers could take in their environments as well as on our services.

51.6K Views
0 Likes
3 Replies
Reply
3 Replies
Michiel015

‎Dec 22 2021 07:54 AM

‎Dec 22 2021 07:54 AM

Re: New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

@AshleyMartin Tnx for the article.

 

Is Microsoft planning on removing/patching log4j files in their products anytime soon? Just installed a SQL2019 server, which installes some old log4j files?!

3 Likes
Reply
KLawrence510

‎Dec 30 2021 08:15 AM

‎Dec 30 2021 08:15 AM

Re: New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

We also are seeing this with SQL2019. What remediation does Microsoft suggest for this file?

 

C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

 

@AshleyMartin 

2 Likes
Reply
John_Bloggs90

‎Jan 13 2022 05:39 AM

‎Jan 13 2022 05:39 AM

Re: New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

@KLawrence510Apache Log4J 1.x versions are even more vulnerable, but not for this vulnerability. There are plenty of other vulnerabilities in 1.x versions. What Microsoft is trying to say, is that they use super old version with even more vulnerabilities, but they don't care, because it is not new and popular vulnerability :)))

0 Likes
Reply