How to mitigate the Log4j vulnerability on Windows servers for Fastvue Reporter (the correct way!)

This short video shows how to mitigate the Log4j vulnerability on Windows servers running Fastvue Reporter.

Fastvue Reporter uses Elasticsearch as its database, which uses Log4j for its own diagnostic logging.

Elastic has since downgraded the issue, saying "Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager", which is good news:

However, we still recommend adding the LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable to your servers, especially if you have other services installed that could also be using Log4j under the hood. There are many of them out there!

To do this:
1. Log in to the server running Fastvue Reporter
2. Right-click the Start button and select System.
3. In the Settings window that appears, under Related Settings, click System Info.
4. In the System window that appears, on the left side, click Advanced system settings.
5. In the System Properties dialog that appears, under the Advanced tab, click the Environment Variables... button.
   In the Environment Variables dialog, under System variables, click New....
6. Set Variable name to LOG4J_FORMAT_MSG_NO_LOOKUPS
   Set Variable value to true
7. Click OK on each dialog until you're back to the System window, which can now be closed.
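
The same change scripted in PowerShell, as an added example that is not Fastvue's own code: it writes the variable at Machine scope (the System variables list in the dialog), reads it back from the registry, and lists JVM processes that were already running, since those keep their old environment until restarted. Spotting Java processes by a loaded jvm.dll is an assumption of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: set LOG4J_FORMAT_MSG_NO_LOOKUPS under "System variables"
# (Machine scope) and verify the result. Run from an elevated prompt.
$name  = 'LOG4J_FORMAT_MSG_NO_LOOKUPS'
$value = 'true'

# A User-scope copy only reaches processes started under that one account;
# services running under other accounts never see it. Report both scopes.
foreach ($scope in 'Machine', 'User') {
    $current = [Environment]::GetEnvironmentVariable($name, $scope)
    if ($null -eq $current) { $current = '<not set>' }
    Write-Host ("{0,-8} {1}" -f $scope, $current)
}

# Equivalent of steps 5-7 in the dialog.
[Environment]::SetEnvironmentVariable($name, $value, 'Machine')

# Machine-scope variables are stored under this registry key. Read the value
# back from there instead of trusting this session's own environment block.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$stored = (Get-ItemProperty -Path $key -Name $name -ErrorAction Stop).$name
if ($stored -ne $value) {
    throw "$name is '$stored' in the registry, expected '$value'"
}
$setAt = Get-Date

# Processes that were already running keep their old environment. List the
# ones with a JVM loaded (jvm.dll) that started before the change.
$stale = foreach ($p in Get-Process) {
    try {
        if ($p.Modules.ModuleName -contains 'jvm.dll' -and $p.StartTime -lt $setAt) {
            $p
        }
    } catch {
        # Protected or system processes deny module access; skip them.
    }
}

if ($stale) {
    Write-Host 'JVM processes started before the change (restart required):'
    $stale | Select-Object Id, ProcessName, StartTime | Format-Table -AutoSize
} else {
    Write-Host 'No running JVM processes predate the change.'
}
```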

Please follow these steps as soon as possible to avoid the Log4j vulnerability causing issues in your network.

To stay updated with Fastvue's product and security updates, subscribe to our mailing list, making sure you check the 'Product Updates & News' checkbox.

Comments

Is it not meant to be log4j2 or does this cover all versions?

SonGoku-iosh

Is there any fix for epop-agent 6.5 using log4j 1.2? Will uninstalling have any impact?

srinivasp

This is only viable for log4j 2.10< versions. Only use this when updating to 2.16 is not a possibility.
EDIT: Flags and Env variables are no longer considered full countermeasures. GLHF

Cerx

Same comment @srinivas P, do you have a fix for vCenter on Windows?

mozpony

Is there any flipside to the workaround?

steinarmyrvang

Hi, we are using a Spring Boot Java application. Spring Boot by default provides the log4j-api 2.12.2 jar and log4j-to-slf4j jar files. We are not using only slf4j, and we didn't use these in the pom.xml file, but to be safer we just added the log4j 2.15 version jar. Will there be any problem, or is there any alternative?

padmasree

Hey everyone. Just to be clear, this mitigation is for anyone using our Fastvue Reporter product. Fastvue Reporter uses Elasticsearch v5.6.14 which runs one of the vulnerable versions of Log4j under the hood. Unfortunately, it is not possible to update our Elasticsearch version at this time, so customers must add this environment variable to their server running Fastvue Reporter to mitigate the vulnerability. You can stay up to date with Fastvue's advice here:

The reason this video is labelled 'the correct way' is because we posted an older video with incorrect steps. It showed adding the environment variable to the user variables section instead of the system variables section.

Apologies for any confusion!

fastvue

Can you please help with how to fix this on a 2008 R2 server which is running vCenter 5.5?

srinivasp

You can easily block this from firewall IPS

sameerudeen