Jerry Seinfield

asked on

log4j remediation tasks

Hello Experts,


Can someone please advise on high level general steps to remediate Log4j in a Windows shop? Servers, computers, and so on.


Is there an official plan and/or patches to remediate this? If so, can you please be so kind and share here?

Dr. Klahn

First step is to find out whether the system in question actually has any software installed that uses the Apache logging modules.  If not, call it a day and have a well-deserved beer.
You should apply various principles that can minimize the potential for damage even before a vulnerability such as Log4J is known. These include:
  • implementing multiple layers of defense
  • minimizing permissions to only permitted users
  • maintaining a stance of (SbD) Security by Default
In the case of Log4J, effective security monitoring and intrusion detection, and prevention help detect a breach before the vulnerability is made public. 
https://www.trendmicro.com/en_us/research/21/l/log4j.html
https://www.revenera.com/sites/default/files/sca_apache-log4j-security-vulnerability-steps-to-tackle.pdf
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
https://www.picussecurity.com/resource/blog/4-step-immediate-mitigation-for-log4j-attacks-log4shell
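Added example (not from the thread or from either poster): a PowerShell inventory script for the first step above, finding which JAR/WAR/EAR files on a Windows host bundle Log4j 2 core, what version they carry, and whether the JndiLookup class (the class Apache's mitigation removes) is still inside. The scan roots are assumptions; adjust them per host.

```powershell
# Added example: inventory archives that bundle log4j-core and report version
# and whether org/apache/logging/log4j/core/lookup/JndiLookup.class is present.
# Assumes Windows PowerShell 5.1 or later; $ScanRoots are assumed paths.
Add-Type -AssemblyName System.IO.Compression.FileSystem

$ScanRoots = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\inetpub', 'D:\Apps')  # assumption: adjust per host
$JndiEntry = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'
$PomEntry  = 'META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties'

function Test-ArchiveForLog4j {
    param([System.IO.Compression.ZipArchive]$Archive, [string]$Label, [int]$Depth = 0)
    $entries = $Archive.Entries
    $version = $null
    # log4j-core ships a pom.properties with its version; read it if present
    $pom = $entries | Where-Object { $_.FullName -eq $PomEntry } | Select-Object -First 1
    if ($pom) {
        $reader = New-Object System.IO.StreamReader($pom.Open())
        $text = $reader.ReadToEnd(); $reader.Dispose()
        if ($text -match 'version=(\S+)') { $version = $Matches[1] }
    }
    $hasJndi = [bool]($entries | Where-Object { $_.FullName -eq $JndiEntry })
    if ($version -or $hasJndi) {
        [pscustomobject]@{ Archive = $Label; Log4jCoreVersion = $version; JndiLookupPresent = $hasJndi }
    }
    # Recurse into nested jars (fat jars, WAR/EAR libs); depth-limited on purpose
    if ($Depth -lt 2) {
        foreach ($nested in ($entries | Where-Object { $_.FullName -match '\.(jar|war|ear)$' })) {
            $ms = New-Object System.IO.MemoryStream
            $s = $nested.Open(); $s.CopyTo($ms); $s.Dispose(); $ms.Position = 0
            $inner = New-Object System.IO.Compression.ZipArchive($ms)
            try { Test-ArchiveForLog4j -Archive $inner -Label "$Label!$($nested.FullName)" -Depth ($Depth + 1) }
            finally { $inner.Dispose(); $ms.Dispose() }
        }
    }
}

$results = foreach ($root in ($ScanRoots | Where-Object { Test-Path $_ })) {
    Get-ChildItem -Path $root -Recurse -File -Include *.jar,*.war,*.ear -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try {
            $zip = [System.IO.Compression.ZipFile]::OpenRead($file.FullName)
            try { Test-ArchiveForLog4j -Archive $zip -Label $file.FullName } finally { $zip.Dispose() }
        } catch { Write-Warning "Could not open $($file.FullName): $($_.Exception.Message)" }
    }
}
$results | Sort-Object Archive | Format-Table -AutoSize
```

Any row with JndiLookupPresent set to True, or with a log4j-core version older than the fixed releases in the linked advisories, is an archive whose owning application still needs a vendor patch or the class removal; run the script per host (or through your endpoint management tool) since bundled jars are not visible in Programs and Features.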

ASKER CERTIFIED SOLUTION
Arun Kumar V
This is likely the best place to start: CVE-2021-44228
SonicWall continues to send out patches that caused issues as I write this, got one this morning. I would definitely make sure your firewall is not compromised.
CIS has a reasonable workflow at a high level.

https://www.cisecurity.org/log4j-zero-day-vulnerability-response/

The MS-ISAC created this flow chart for members and others to follow for identifying and mitigating risk related to this vulnerability:
[Image: MS-ISAC flow chart for identifying and mitigating Log4j risk; appendices referenced below the graphic are not reproduced here]