Jerry Seinfield asked on

log4j remediation tasks

Hello Experts,


Can someone please advise on high level general steps to remediate Log4j in a Windows shop? Servers, computers, and so on.


Is there an official plan and/or patches to remediate this? If so, can you please be so kind and share here?

Security, Windows Server 2012, Consulting, Microsoft Server OS

Last Comment: btan

8/22/2022 - Mon
Dr. Klahn

First step is to find out whether the system in question actually has any software installed that uses the Apache logging modules. If not, call it a day and have a well-deserved beer.
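The inventory step described above, as an added Python example that is not from this thread or from any of the vendors linked on it: walk a directory tree, open every .jar/.war/.ear (including jars nested inside wars), and report each log4j-core's manifest version and whether JndiLookup.class is still present. The sample jars are constructed inside the block; it assumes upstream log4j-core manifests carry an Implementation-Title naming Log4j, and reports anything without one as unknown.

```python
"""Log4j 2 inventory: for every .jar/.war/.ear under a tree (nested archives included),
report log4j-core's manifest version and whether JndiLookup.class (CVE-2021-44228) is present."""
import io, os, re, zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear")
CORE = "org/apache/logging/log4j/core/"
JNDI_CLASS = CORE + "lookup/JndiLookup.class"
MANIFEST = "META-INF/MANIFEST.MF"
FIXED = (2, 15, 0, 1)  # first log4j-core release that closed CVE-2021-44228

def parse_version(v):  # '2.0-beta9' -> (2,0,0,0) sorts below '2.0' -> (2,0,0,1)
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", v)
    pre = 0 if re.search(r"alpha|beta|rc", v, re.I) else 1
    return tuple(int(x or 0) for x in m.groups()) + (pre,) if m else None

def inspect_archive(zf, location):  # -> [(location, version, jndi_present, vulnerable), ...]
    names, findings = set(zf.namelist()), []
    if any(n.startswith(CORE) for n in names):  # log4j-core classes live under this prefix
        text = zf.read(MANIFEST).decode("utf-8", "replace") if MANIFEST in names else ""
        # Trust the manifest only when it is log4j's own (assumption: upstream jars name
        # Log4j in the title); a shaded fat jar carries the application's version instead.
        title_ok = re.search(r"^Implementation-Title:.*log4j", text, re.I | re.M)
        m = re.search(r"^Implementation-Version:\s*(\S+)", text, re.M)
        version = m.group(1) if m and title_ok else "unknown"
        jndi, parsed = JNDI_CLASS in names, parse_version(version)
        findings.append((location, version, jndi, jndi and (parsed is None or parsed < FIXED)))
    for n in sorted(names):
        if n.lower().endswith(ARCHIVE_EXT):  # recurse; '!' separates nesting levels
            with zipfile.ZipFile(io.BytesIO(zf.read(n))) as inner:
                findings.extend(inspect_archive(inner, location + "!" + n))
    return findings

def scan_tree(root):
    """Walk root and collect findings from every archive under it."""
    paths = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs if f.lower().endswith(ARCHIVE_EXT)]
    findings = []
    for path in sorted(paths):
        with zipfile.ZipFile(path) as zf:
            findings.extend(inspect_archive(zf, path))
    return findings

def make_sample_core(version, with_jndi):
    # Constructed stand-in for a log4j-core jar, returned as bytes, for offline tests.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, f"Implementation-Title: Apache Log4j Core\nImplementation-Version: {version}\n")
        zf.writestr(CORE + "Logger.class", b"")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"")
    return buf.getvalue()
```

Point scan_tree at application install roots (a Java application's lib directory, for instance) rather than a whole drive at first; a corrupt archive raises zipfile.BadZipFile, which the caller should catch and log rather than skip silently.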
madunix

You should apply various principles that can minimize the potential for damage even before a vulnerability such as Log4J is known. These include:
  • implementing multiple layers of defense
  • minimizing permissions to only permitted users
  • maintaining a stance of Security by Default (SbD)
In the case of Log4J, effective security monitoring and intrusion detection and prevention help detect a breach before the vulnerability is made public.
https://www.trendmicro.com/en_us/research/21/l/log4j.html
https://www.revenera.com/sites/default/files/sca_apache-log4j-security-vulnerability-steps-to-tackle.pdf
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
https://www.picussecurity.com/resource/blog/4-step-immediate-mitigation-for-log4j-attacks-log4shell

ASKER CERTIFIED SOLUTION
Arun Kumar V

WORKS2011

This is likely the best place to start: CVE-2021-44228
WORKS2011

SonicWall continues to send out patches that cause issues as I write this; I got one this morning. I would definitely make sure your firewall is not compromised.
btan

CIS has a reasonable workflow at a high level.

https://www.cisecurity.org/log4j-zero-day-vulnerability-response/

The MS-ISAC created this flow chart for members and others to follow for identifying and mitigating risk related to this vulnerability: