How to fix the Log4j vulnerability on Windows Server

Thanks dear for your effort,

in SQL server 2019:
Your solution is best -Or -remove the below files from the Jars folder of SQL server 2019 to solve this vulnerability :

log4j-1.2.17.jar
slf4j-api-1.7.5.jar
slf4j-log4j12-1.7.5.jar






Thanks In Advance

ewkenyq

are you mitigating it or just hiding it from security scanners

syedfaraz

The command didn't generate the csv output for me. How do I know if the file is downloaded elsewhere?

hsddheiowrpq

Hi there, variable value = true . is that mean that u disabled lookup? Thanks

hamzamezo

thanks for the video. but it seems like a workaround. i need instructions on how to upgrade Log4j 1.x to Log4j 2.x.
Any Windows guys know how to do this in a simple way?

doogiehowser

Hi if this is the output from the command, does that mean that the server does not have log4j?

export-csv : Access to the path 'C:\c.csv' is denied.

marktoledo

Yea I saw that fix last week too. However after looking into it it seems more for Linux and/or Java environments not windows. Only a before and after testing tool will confirm its effectiveness. A search in Windows explorer will yield the same list without all the fancy power shell

TwinntechFreeTV

.... and the path to find that c.csv file ? Is it within the same path the command is run from? ... which in this case it is C:\WINDOWS\system32 ?
If it returns to the blinking cursor without any info / warning or what so ever does this mean it is not found on the system.
The second part where you set the value of the parameter to true.... do you mean this is needed after the search finds entries? Ans what does that parameter do if it is set to True afterwards? To my understanding does that parameter set to TRUE stops offering NSLookups thus stops giving the attacker the ability to execute remote code inside that lookup?

New edit: The file c.csv is being created in C:\WINDOWS\system32 while the search is running. The test finishes and returns no results and the c.csv file remains at C:\WINDOWS\system32. I opened it with excel and it had no entries inside. Isn t that the procedure followed to check what files are found?
Fun fact is I run the command against e disk and no file created. So am I not opening the c.csv file the proper way?
Finished searching all my servers and as it seems when using mssql (possibly all versions) does find an entry
24/09/2019 14:21:10, "C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars", "log4j-1.2.17.jar"
This version is eol and it is an also known exploit. But other info mentions that the file is there in order to be called by an initiator.
It can be renamed or moved to another location and tests can be run for all the apps in order for all to be tested for proper

Thank you

dimitristsoutsouras

what does the variable name: LOG4J_FORMAT_MSG_NO_LOOKUPS does?

choofu

Hi. Thanks for the video. Where should I look for the c.csv file? Under a C:\? If there's no vulnerability present I assume no file will be created, am I right? Thank you.

tomex

Is there a way to fix it without power shell

immanuelheita

is that the only way to fix this vulnerability? Or can I update the log4j?

MsJorgeb

Thanks, can I apply this hotfix on all of my servers without check, just in case.

kaizentechnology

How to check the Log4j version in windows server?

vasuummidi

is there a script to set the envir variables?

tonyg