{"id":4034,"date":"2021-12-21T12:36:18","date_gmt":"2021-12-21T04:36:18","guid":{"rendered":"https:\/\/www.udshk.com\/?page_id=4034"},"modified":"2021-12-24T11:36:58","modified_gmt":"2021-12-24T03:36:58","slug":"log4j-vulnerabilities-microsoft-resolutions","status":"publish","type":"page","link":"https:\/\/www.udshk.com\/?page_id=4034","title":{"rendered":"Log4J Vulnerabilities &#8211; Microsoft Resolutions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4034\" class=\"elementor elementor-4034\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5d606b0 elementor-section-height-min-height elementor-section-items-top elementor-section-boxed elementor-section-height-default\" data-id=\"5d606b0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b1e2f06\" data-id=\"b1e2f06\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fcf7e67 elementor-widget elementor-widget-image\" data-id=\"fcf7e67\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/336E73A9-942F-4839-ACF6-0A43516F9477-300x300.png\" class=\"attachment-medium size-medium\" alt=\"\" srcset=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/336E73A9-942F-4839-ACF6-0A43516F9477-300x300.png 300w, https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/336E73A9-942F-4839-ACF6-0A43516F9477-150x150.png 150w, 
https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/336E73A9-942F-4839-ACF6-0A43516F9477-100x100.png 100w, https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/336E73A9-942F-4839-ACF6-0A43516F9477.png 500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2f21f8 elementor-widget elementor-widget-heading\" data-id=\"d2f21f8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Log4J Vulnerabilities - Microsoft Resolutions (Updated to 12 Dec 2021)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0abba13 elementor-widget elementor-widget-text-editor\" data-id=\"0abba13\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The information provided below is referred from <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/12\/11\/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation\/\">https:\/\/www.microsoft.com\/security\/blog\/2021\/12\/11\/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation\/<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53779d0 elementor-tabs-view-horizontal elementor-widget elementor-widget-tabs\" data-id=\"53779d0\" data-element_type=\"widget\" data-widget_type=\"tabs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-tabs\">\n\t\t\t<div class=\"elementor-tabs-wrapper\" role=\"tablist\" >\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8751\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" 
aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8752\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8753\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8754\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8755\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Microsoft Security Solutions<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"elementor-tabs-content-wrapper\" role=\"tablist\" aria-orientation=\"vertical\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8751\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8751\" tabindex=\"0\" hidden=\"false\"><ul>\n \t<li> <a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\"> 2021-44228<\/a><\/li>\n<\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title 
elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8752\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8752\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Dec 12, 2021<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8753\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8753\" tabindex=\"0\" hidden=\"hidden\"><ul><li>High<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8754\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8754\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s5\"><span class=\"s32\">Microsoft\u2019s unified threat intelligence team, comprising the Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, RiskIQ, and the Microsoft Detection and Response Team (DART), among others, has been tracking threats taking advantage of CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as \u201cLog4Shell\u201d.<\/span><\/p>
<p class=\"s5\"><span class=\"s32\">Microsoft has observed multiple threat actors leveraging the CVE-2021-44228 vulnerability in active attacks. Microsoft will continue to monitor threats taking advantage of this vulnerability and provide updates as they become available. To protect against these threats, Microsoft recommends that organizations follow the guidance detailed in the following sections.<\/span><\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Microsoft Security Solutions<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8755\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8755\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s2\"><span class=\"s32\">The following products help protect against the Log4j vulnerabilities.<\/span><\/p>\n\n<ul>\n \t<li class=\"s5\"><strong><span class=\"s32\">Microsoft 365 Defender<\/span><\/strong>\n<ul>\n \t<li class=\"s5\">Microsoft has begun rolling out updates to the Threat and Vulnerability Management capabilities in Microsoft Defender for Endpoint to surface vulnerable Log4j library components.<\/li>\n<\/ul>\n<\/li>\n \t<li class=\"s5\"><strong><span class=\"s32\">Microsoft Defender Antivirus<\/span><\/strong>\n<ul>\n \t<li class=\"s5\"><span class=\"s32\">Turn on cloud-delivered protection in Microsoft Defender Antivirus to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block the majority of new and unknown variants. Microsoft Defender Antivirus detects components and behaviors related to this threat under the detection names listed in the Microsoft guidance linked above.<\/span><\/li>\n<\/ul>\n<\/li>\n
 \t<li class=\"s5\"><strong><span class=\"s32\">Microsoft Defender for Endpoint<\/span><\/strong>\n<ul>\n \t<li class=\"s5\">Users of Microsoft Defender for Endpoint can turn on the following attack surface reduction rule to block or audit some observed activity associated with this threat.<\/li>\n \t<li class=\"s5\">Block executable files from running unless they meet a prevalence, age, or trusted list criterion<\/li>\n<\/ul>\n<\/li>\n \t<li class=\"s5\"><strong><span class=\"s29\">Microsoft Defender for Office 365<\/span><\/strong>\n<ul>\n \t<li class=\"s5\"><span class=\"s29\">To add a layer of protection against exploits that may be delivered via email, Microsoft Defender for Office 365 flags suspicious emails (e.g., emails with the \u201cjndi\u201d string in email headers or the sender email address field), which are moved to the Junk folder.<\/span><\/li>\n<\/ul>\n<\/li>\n \t<li class=\"s5\"><strong><span class=\"s29\">Microsoft Defender for Cloud<\/span><\/strong>\n<ul>\n \t<li class=\"s5\">Microsoft Defender for Cloud\u2019s threat detection capabilities have been expanded to surface exploitation of CVE-2021-44228 in several relevant security alerts.<\/li>\n<\/ul>\n<\/li>\n \t<li class=\"s5\"><strong><span class=\"s29\">Microsoft Defender for IoT<\/span><\/strong>\n<ul>\n \t<li class=\"s5\">Microsoft Defender for IoT has released a dedicated threat intelligence update package for detecting Log4j 2 exploits.<\/li>\n<\/ul>\n<\/li>\n \t<li class=\"s5\"><strong><span class=\"s29\">Microsoft Sentinel<\/span><\/strong>\n<ul>\n \t<li class=\"s5\">A new Microsoft Sentinel solution has been added to the Content Hub that provides a central place to install Sentinel-specific content to monitor, detect, and investigate signals related to exploitation of the CVE-2021-44228 vulnerability.<\/li>\n<\/ul>\n<\/li>\n
 \t<li class=\"s5\"><strong><span class=\"s29\">Azure Firewall Premium<\/span><\/strong>\n<ul>\n \t<li class=\"s5\">Customers using Azure Firewall Premium have enhanced protection from the Log4j RCE vulnerability (CVE-2021-44228) and its exploits. Azure Firewall Premium IDPS (Intrusion Detection and Prevention System) provides IDPS inspection for all east-west traffic and outbound traffic to the internet. The vulnerability rulesets are continuously updated and have included CVE-2021-44228 for different scenarios, including the UDP, TCP, and HTTP\/S protocols, since December 10th, 2021.<\/li>\n<\/ul>\n<\/li>\n \t<li class=\"s5\"><strong><span class=\"s29\">Azure Web Application Firewall (WAF)<\/span><\/strong>\n<ul>\n \t<li class=\"s5\">Customers using WAF Managed Rules would have already received enhanced protection for the Log4j 2 vulnerability (CVE-2021-44228); no additional action is needed.<\/li>\n<\/ul>\n<\/li>\n \t<li class=\"s5\"><strong><span class=\"s29\">Indicators of compromise (IOCs)<\/span><\/strong>\n<ul>\n \t<li class=\"s5\"><span class=\"s29\">Microsoft Threat Intelligence Center (MSTIC) has provided a list of IOCs related to this attack and will update it with new indicators as they are discovered:<\/span><br><a class=\"s29\" href=\"https:\/\/raw.githubusercontent.com\/Azure\/Azure-Sentinel\/master\/Sample%20Data\/Feeds\/Log4j_IOC_List.csv\">https:\/\/raw.githubusercontent.com\/Azure\/Azure-Sentinel\/master\/Sample Data\/Feeds\/Log4j_IOC_List.csv<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p 
class=\"s28\"><\/p><\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4J Vulnerabilities &#8211; Microsoft Resolutions (Updated to 12 Dec 2021) The information provided below is referred from https:\/\/www.microsoft.com\/security\/blog\/2021\/12\/11\/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation\/. CVE Number Discovery Date Threat Level Response to Log4j Microsoft Security Solutions CVE Number 2021-44228 Discovery Date Dec 12, 2021 Threat Level High Response to Log4j Microsoft\u2019s unified threat intelligence team, comprising the Microsoft Threat Intelligence Center [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4034","page","type-page","status-publish","hentry","entry","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4034"}],"version-history":[{"count":7,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4034\/revisions"}],"predecessor-version":[{"id":4202,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4034\/revisions\/4202"}],"wp:attachment":[{"href":"https:\/
\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}