Microsoft investigating Defender issue with Log4j scanner

Hear from the CIO, CTO and other C-level and senior executives on data and AI strategies at the Future of Work Summit on January 12, 2022. Learn more


Microsoft is investigating reports that the Apache Log4j vulnerability scanner in Defender for Endpoint is triggering erroneous warnings.

The company released the scanner with the aim of helping to identify and troubleshoot defects in the popular logging software component, Log4j. Microsoft on Monday evening announced the expansion of Log4j scanning capabilities in Defender.

False positives

Today, Reports False positive alerts emerged from the scanner on Twitter, which allegedly told administrators that “potential sensor tampering with memory was detected by Microsoft Defender for Endpoint.” Twitter users reported seeing the problem by December 23.

Reports responded to Twitter from Tomar Taylor, an executive in Microsoft’s security business. “Thank you for reporting this. The team is investigating, “Taylor said Tweet,

“The team is analyzing why it triggered the warning (it shouldn’t be, of course),” he wrote in a second. Tweet,

VentureBeat has reached out to Microsoft for comment.

On Monday, Microsoft announced that it had introduced new capabilities in its Defender for Container and Microsoft 365 Defender offerings to address Log4j vulnerabilities.

Defender for Container Solution is now able to detect container images that are vulnerable to defects in Log4j. When the Azure container is pushed into the registry, when the Azure container is pulled from the registry, and when Kubernetes runs on the cluster, Microsoft’s Threat Intelligence team wrote in an update in its blog post about the Log4j vulnerability.

Defender updates

Meanwhile, for Microsoft 365 Defender, the company said it has introduced a unified dashboard to manage threats and vulnerabilities related to Log4j vulnerabilities. The dashboard will “help customers identify and fix files, software and devices exposed to Log4j vulnerabilities,” Microsoft’s threat intelligence team tweeted.

These capabilities are supported on Windows and Windows Server as well as Linux, Microsoft said. However, for Linux, the capabilities require an update to version 101.52.57 or later of Microsoft Defender for endpoint Linux clients.

This “dedicated Log4j dashboard” “provides an integrated view of the various findings on sensitive devices, vulnerable software and sensitive files,” the threat intelligence teams wrote in a blog post.

In addition, Microsoft stated that it has launched a new Hunting Scheme for Advanced Hunting for Microsoft 365 Defender, which “surfaces file-level findings from disks and provides the ability to correlate them with additional context in advanced hunting.”

Microsoft said it was working to add support for capabilities in Apple’s macOS for Microsoft 365 Defender, and said that capabilities for macOS devices would be “coming out soon.”

Extensive vulnerabilities

Many enterprise applications and cloud services, written in Java, are potentially vulnerable to flaws in log 4j prior to version 2.17.1, which was released on Tuesday. Open source logging libraries are considered to be used in some form by most large organizations – directly or indirectly, taking advantage of the Java Framework.

Version 2.17.1 of Log4j addresses a newly discovered vulnerability (CVE-2021-44832) and is the fourth patch for bugs in the Log4j software since the initial detection of Remote Code Execution (RCE) vulnerabilities on December 9.

However, the latest vulnerability in Log4j does not appear to be “increasing the already increased risk of compromise by Log4j,” as Casey Ellis, its founder and chief technology officer, said, “requires a fairly vague set of conditions to trigger.” Crowdsource Security Platform, Bugcroad.

Venturebeat

VentureBeat’s mission is to become a digital town square for technical decision makers to gain knowledge about transformative technology and practices. Our site delivers essential information on data technologies and strategies so you can lead your organizations. We invite you to access, to become a member of our community:

  • Up-to-date information on topics of interest to you
  • Our newsletters
  • Gated idea-leader content and discounted access to our precious events, such as Transform 2021: Learn more
  • Networking features and more

Become a member

Similar Posts

Leave a Reply

Your email address will not be published.