Can someone please advise on high level general steps to remediate Log4j in a Windows shop? Servers, computers, and so on.
Is there an official plan and/or patches to remediate this? If so, can you please be so kind and share here?
SecurityWindows Server 2012ConsultingMicrosoft Server OS
Last Comment
btan
8/22/2022 - Mon
Dr. Klahn
First step is to find out whether the system in question actually has any software installed that uses the Apache logging modules. If not, call it a day and have a well-deserved beer.
madunix
You should apply various principles that can minimize the potential for damage even before a vulnerability such as Log4J is known. These include:
SonicWall continues to send out patches that caused issues as I write this, got one this morning. I would definitely make sure your firewall is not compromised.
The MS-ISAC created this flow chart for members and others to follow for identifying and mitigating risk related to this vulnerability: Note: Appendices are available below this graphic.