Jerry Seinfield
asked on
log4j remediation tasks
Hello Experts,
Can someone please advise on high-level general steps to remediate Log4j in a Windows shop? Servers, computers, and so on.
Is there an official plan and/or patches to remediate this? If so, can you please be so kind and share here?
First step is to find out whether the system in question actually has any software installed that uses the Apache logging modules. If not, call it a day and have a well-deserved beer.
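The "first step" in the answer above, finding out whether a box actually carries Log4j, is the part most shops have to script. Below is an added example for this thread (not code from the original post or from the Apache Log4j project): a stand-alone Python scanner that walks a directory tree, opens every JAR/WAR/EAR/ZIP as a plain ZIP file, reads the log4j-core version from its Maven pom.properties, checks whether JndiLookup.class is still present, and recurses into archives nested inside archives (a JAR inside a WAR), which is where inventory tools that only look at file names miss things. The fix thresholds (2.15.0, 2.12.2, 2.3.1) are the first releases fixing CVE-2021-44228 on each branch per the Apache advisory; the verdict labels, the `Finding` record and the sample archives are my own, and the sample archives are constructed in a temporary directory by the script itself (dummy entries with class-file magic bytes, not real Log4j bytecode). It runs offline on Windows or Linux and executes nothing from the archives it reads.

```python
"""Find Log4j 2 artifacts on disk and triage them for CVE-2021-44228. Added example
for this thread (not code from the original post or the Apache Log4j project): walk a
tree, open every JAR/WAR/EAR/ZIP, read the log4j-core version from pom.properties,
check whether JndiLookup.class is still inside, recurse into nested archives."""
import io, os, re, shutil, tempfile, zipfile
from collections import namedtuple

ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# path uses "!/" between an archive and an entry nested inside it; verdict is one of
# vulnerable | patched | jndi-removed | unknown-version (labels chosen for this example)
Finding = namedtuple("Finding", "path version jndi_present verdict")

def version_tuple(version):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0): leading digits of each piece."""
    parts = [int(m.group()) if (m := re.match(r"\d+", p)) else 0 for p in version.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def first_fixed_release(version):
    """First release on each branch fixing CVE-2021-44228 (Apache advisory):
    2.15.0 (Java 8), 2.12.2 (Java 7 branch), 2.3.1 (Java 6 branch)."""
    return {(2, 12): (2, 12, 2), (2, 3): (2, 3, 1)}.get(version_tuple(version)[:2], (2, 15, 0))

def classify(version, jndi_present):
    """Verdict for CVE-2021-44228 only; later Log4j CVEs raised the recommended
    release again, so 'patched' means 'not this bug', not 'nothing left to do'."""
    if version is None:
        return "unknown-version"  # log4j classes present but no pom.properties (shaded/repackaged)
    if not jndi_present:
        return "jndi-removed"     # the documented stop-gap of deleting JndiLookup.class
    return "vulnerable" if version_tuple(version) < first_fixed_release(version) else "patched"

def parse_version(pom_properties):
    m = re.search(r"^version=(.+)$", pom_properties, re.M)
    return m.group(1).strip() if m else None

def scan_archive(data, path, findings):
    """Inspect one archive held in memory; recurse into archives it contains."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return  # a renamed non-ZIP file; nothing to inspect
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        jndi = JNDI_CLASS in names
        if POM_PROPS in names:
            version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
            findings.append(Finding(path, version, jndi, classify(version, jndi)))
        elif jndi:
            findings.append(Finding(path, None, True, classify(None, True)))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXTS):
                scan_archive(zf.read(name), path + "!/" + name, findings)

def scan_tree(root):
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in sorted(f for f in filenames if f.lower().endswith(ARCHIVE_EXTS)):
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                scan_archive(fh.read(), full, findings)
    return findings

# --- constructed fixture: dummy archives for the demo, not files from any real product ---
def _zip_bytes(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def _fake_log4j_core(version, include_jndi):
    entries = {POM_PROPS: f"artifactId=log4j-core\nversion={version}\n"}
    if include_jndi:
        entries[JNDI_CLASS] = b"\xca\xfe\xba\xbe"  # class-file magic only, not real bytecode
    return _zip_bytes(entries)

def build_fixture(root):
    files = {
        "app1/lib/log4j-core-2.14.1.jar": _fake_log4j_core("2.14.1", True),
        "app1/lib/log4j-core-2.17.1.jar": _fake_log4j_core("2.17.1", True),
        "app2/log4j-core-2.12.1.jar": _fake_log4j_core("2.12.1", False),  # JndiLookup stripped
        "app2/shaded-app.jar": _zip_bytes({JNDI_CLASS: b"\xca\xfe\xba\xbe", "com/x/Main.class": b""}),
        "app2/shop.war": _zip_bytes({"WEB-INF/web.xml": "<web-app/>",
                                     "WEB-INF/lib/log4j-core-2.13.3.jar": _fake_log4j_core("2.13.3", True)}),
    }
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

def demo():
    """Build the fixture in a temp dir, scan it, return {path relative to root: verdict}."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    build_fixture(root)
    out = {}
    for f in scan_tree(root):
        head, sep, nested = f.path.partition("!/")
        out[os.path.relpath(head, root).replace(os.sep, "/") + sep + nested] = f.verdict
    shutil.rmtree(root, ignore_errors=True)
    return out

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:16} {path}")
```

For a real run, replace `demo()` with `scan_tree(r"C:\")` (or the application folders you care about) and feed the findings into a ticket per host. Two caveats a practitioner will want: the scanner only sees Log4j shipped as archives on disk, so classes on an exploded classpath, inside installer packages, or in a vendor's embedded JRE image are not found, and a "patched" verdict is scoped to CVE-2021-44228; the Apache advisory later moved the recommended release again, so treat anything below the current release as an upgrade candidate regardless.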
You should apply various principles that can minimize the potential for damage even before a vulnerability such as Log4J is known. These include:
- implementing multiple layers of defense
- minimizing permissions to only permitted users
- maintaining a stance of Security by Default (SbD)
https://www.trendmicro.com/en_us/research/21/l/log4j.html
https://www.revenera.com/sites/default/files/sca_apache-log4j-security-vulnerability-steps-to-tackle.pdf
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
https://www.picussecurity.com/resource/blog/4-step-immediate-mitigation-for-log4j-attacks-log4shell
This is likely the best place to start: CVE-2021-44228
SonicWall continues to send out patches that caused issues as I write this, got one this morning. I would definitely make sure your firewall is not compromised.
CIS has a reasonable workflow at high level.
https://www.cisecurity.org/log4j-zero-day-vulnerability-response/
The MS-ISAC created this flow chart for members and others to follow for identifying and mitigating risk related to this vulnerability:
Note: Appendices are available below this graphic.