Microsoft launches new Defender capabilities for fixing Log4j


Microsoft announced that it has introduced new capabilities in its Microsoft Defender for Containers and Microsoft 365 Defender offerings to identify and remediate the widespread vulnerabilities in Apache Log4j.

Microsoft Defender for Containers debuted on December 9, merging the existing Microsoft Defender for container registries and Microsoft Defender for Kubernetes offerings and adding features such as Kubernetes-native deployment, advanced threat detection and vulnerability assessment.

On Monday night, Microsoft announced that it had updated Defender for Containers to detect container images that are vulnerable to the flaws in Log4j, the widely used Java logging library.

Defender for Containers can now find images affected by the three Log4j vulnerabilities that had been disclosed and patched at that point, starting with the initial report of the remote code execution flaw in Log4j on December 9.

Vulnerability scanning

Images are scanned when they are pushed to an Azure container registry, when they are pulled from the registry, and when they are running on a Kubernetes cluster, Microsoft's Threat Intelligence team wrote in an update to its blog post about the Log4j vulnerability.

Microsoft noted that the ability to scan for vulnerabilities in container images running on a Kubernetes cluster is powered by technology from the security firm Qualys.

"We will continue to follow any additional developments and update our detection capabilities if any additional vulnerabilities are reported," the team said in the post.

Microsoft Defender for Cloud's container protection supports any Kubernetes cluster certified by the Cloud Native Computing Foundation (CNCF). It has been tested with Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service on Azure Stack HCI, AKS Engine, Azure Red Hat OpenShift, Red Hat OpenShift (version 4.6 or higher), VMware Tanzu Kubernetes Grid, and Rancher Kubernetes Engine.

Microsoft 365 Defender Updates

Meanwhile, for Microsoft 365 Defender, the company said it has introduced a unified dashboard for managing threats and vulnerabilities related to Log4j. The dashboard will "help customers identify and remediate files, software and devices exposed to the Log4j vulnerabilities," Microsoft's threat intelligence team tweeted.

These capabilities are supported on Windows and Windows Server as well as Linux, Microsoft said. On Linux, however, they require version 101.52.57 or later of the Microsoft Defender for Endpoint on Linux client.

This "dedicated Log4j dashboard" "provides a consolidated view of various findings across vulnerable devices, vulnerable software and vulnerable files," the threat intelligence team said in a blog post.

In addition, Microsoft said it has launched a new advanced hunting schema for Microsoft 365 Defender that "surfaces file-level findings from the disk and provides the ability to correlate them with additional context in advanced hunting."

"These new capabilities integrate with the existing threat and vulnerability management experience and are gradually rolling out," Microsoft's threat intelligence team said in the post.

The detection covers installed applications whose CPEs (common platform enumerations) are known to be vulnerable to the Log4j RCE, as well as known vulnerable Log4j Java Archive (JAR) files on disk, the post says. The file-level part matters because Log4j is often not installed as a package at all: it ships bundled inside an application's own JAR, WAR or EAR, so a check that only inventories installed software will miss it.
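The file-level detection described above (the image scans on push, pull and at runtime, and the on-disk JAR findings) can be approximated with a small offline scanner. The following is an added example written for this page, not Microsoft's, Qualys's or the Log4j project's code. It assumes the JAR carries Maven's `pom.properties` for `log4j-core` (the normal case for published builds), reads the version from it, recurses into archives nested inside other archives (fat JARs, WARs), and reports whether `JndiLookup.class` is still present. It treats 2.17.1 as the fixed version, and additionally 2.12.4 and 2.3.2 as the equivalent fixes on the older Java 7 and Java 6 maintenance branches, which the article does not mention. The sample archives it scans are constructed in a temporary directory and contain only the entries the scanner looks at.

```python
"""Offline scanner for vulnerable log4j-core JARs, including JARs nested in other archives.

Added example for this page; not the scanner used by Microsoft Defender or Qualys.
"""
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Fixed versions per maintenance branch. 2.17.1 is the version the article references;
# 2.12.4 and 2.3.2 are the corresponding fixes on the Java 7 / Java 6 branches.
FIXED_BY_BRANCH = {(2, 12): (2, 12, 4), (2, 3): (2, 3, 2)}
DEFAULT_FIXED = (2, 17, 1)
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(pom_properties: str):
    """Extract (major, minor, patch) from a Maven pom.properties body; None if absent."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", pom_properties, re.M)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_fixed(version) -> bool:
    """True when the version is at or above the fix for its own maintenance branch."""
    return version >= FIXED_BY_BRANCH.get(version[:2], DEFAULT_FIXED)


def inspect_archive(zf: zipfile.ZipFile, label: str):
    """Report log4j-core inside one archive, recursing into nested archives."""
    findings = []
    names = set(zf.namelist())
    if POM_PROPS in names:
        version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
        findings.append({
            "path": label,
            "version": version,
            "jndi_lookup_present": JNDI_CLASS in names,
            "vulnerable": version is None or not is_fixed(version),  # unknown version: fail closed
        })
    elif JNDI_CLASS in names:
        # Shaded/repackaged log4j-core with no pom.properties: the lookup class is there, so flag it.
        findings.append({"path": label, "version": None, "jndi_lookup_present": True, "vulnerable": True})
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    findings.extend(inspect_archive(inner, f"{label}!/{name}"))
            except zipfile.BadZipFile:
                continue  # entry merely named like an archive
    return findings


def scan_tree(root):
    """Walk a directory tree (e.g. an exported container filesystem) and collect findings."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                with zipfile.ZipFile(p) as zf:
                    findings.extend(inspect_archive(zf, p.relative_to(root).as_posix()))
            except zipfile.BadZipFile:
                continue
    return findings


def _make_log4j_core(version: str, with_jndi: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core JAR holding only the entries the scanner reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic; body irrelevant here
    return buf.getvalue()


def build_sample_tree() -> Path:
    """Constructed sample filesystem (not real scan data); returns its root directory."""
    root = Path(tempfile.mkdtemp(prefix="log4j-scan-"))
    (root / "lib").mkdir()
    (root / "lib" / "log4j-core-2.14.1.jar").write_bytes(_make_log4j_core("2.14.1"))
    (root / "lib" / "log4j-core-2.17.1.jar").write_bytes(_make_log4j_core("2.17.1"))
    (root / "lib" / "log4j-core-2.12.4.jar").write_bytes(_make_log4j_core("2.12.4"))
    # Fat JAR carrying a 2.15.0 with JndiLookup.class deleted (the common hot-fix) one level down.
    fat = io.BytesIO()
    with zipfile.ZipFile(fat, "w") as zf:
        zf.writestr("BOOT-INF/lib/log4j-core-2.15.0.jar", _make_log4j_core("2.15.0", with_jndi=False))
        zf.writestr("BOOT-INF/lib/notes.txt", "not an archive")
    (root / "app.jar").write_bytes(fat.getvalue())
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        print(finding)
```

Point it at an unpacked image (for example the output of `docker export`) rather than a running host to get the same "on disk" view the dashboard describes. Note the 2.15.0 nested JAR: its `JndiLookup.class` has been removed, which does stop the JNDI lookup path, but a version-based policy still flags it because the later CVEs fixed in 2.17.x are not addressed by that deletion; the scanner reports both facts so the reviewer can decide.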

macOS support coming

Microsoft said it was working to bring the same Microsoft 365 Defender capabilities to Apple's macOS, and said that support for macOS devices would be "coming out soon."

The new Log4j capabilities join other Microsoft offerings that help address the Log4j vulnerabilities, the first and most severe of which is known as Log4Shell. Those offerings include Microsoft Sentinel, Azure Firewall Premium, Azure Web Application Firewall, RiskIQ EASM and Threat Intelligence, Microsoft Defender Antivirus, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud, and Microsoft Defender for IoT.

Operating some of the largest platforms and cloud services used by businesses, Microsoft is a major cybersecurity vendor in its own right, with more than 650,000 security customers.

Microsoft has observed Log4Shell being exploited for attempted ransomware deployment, cryptocurrency mining, credential theft, lateral movement and data exfiltration.

The company said earlier that it had observed multiple cybercriminal groups exploiting the Log4j vulnerabilities to establish network access. These so-called "access brokers" are expected to sell that access to ransomware operators later.

Their arrival suggests that an "increase in human-operated ransomware" could follow against both Windows and Linux systems, the company said.

Widespread vulnerability

Microsoft and the security firm Mandiant have also said they observed nation-state groups affiliated with countries including China and Iran attempting to exploit the Log4j vulnerability. An Iranian group tracked as Phosphorus, which has previously deployed ransomware, has been seen "acquiring and modifying the Log4j exploit," Microsoft said.

In addition, the company has previously said it observed a new ransomware family known as Khonsari being used in attacks on non-Microsoft-hosted Minecraft servers that exploited the Log4j vulnerability.

Many enterprise applications and cloud services written in Java are potentially vulnerable because of flaws in Log4j versions prior to 2.17.1, which was released today. The open source logging library is believed to be used in some form by most large organizations, either directly or indirectly through the Java frameworks that depend on it.

Version 2.17.1 of Log4j addresses a newly discovered vulnerability (CVE-2021-44832) and is the fourth patch for Log4j since the initial disclosure of the RCE flaw. Unlike the original RCE, CVE-2021-44832 requires an attacker who can already modify the logging configuration, so it is rated lower in severity; it still warrants upgrading, since the earlier hot-fix of removing JndiLookup.class from the JAR does not cover it.

Updated to reference the release of Log4j version 2.17.1.

