If you’re scrolling through social media, reading your RSS feeds or even watching the news you’ve probably heard something about the Log4j 2 exploit and the potential for ransomware attacks. So far, the worst of it (at least in the Microsoft world) seems to have fallen on privately hosted Minecraft servers running an older Java client, but that doesn’t mean only gamers are at risk. Any application that relies on Apache Log4j could present remote code execution vulnerabilities.
What is the Log4j vulnerability?
This is a newly disclosed vulnerability in Log4j, a logging library used by millions of Java applications. Cybercriminals have targeted major tech organizations like Apple, Redis, Tesla and even Twitter. When exploited, this vulnerability lets the attacker execute malicious code on the affected system and wreak havoc within the exploited network.
Is your Microsoft ERP really at risk of a ransomware attack from Log4j 2?
Velosio has over 4,000 active Dynamics and Dynamics 365 clients, and as of this writing none have reported issues related to this particular exploit. Our research indicates that neither on-premises Dynamics SL and Dynamics GP nor multi-tenant Dynamics 365 Finance and Operations or Business Central are directly affected by the Apache Log4j exploit. That by no means indicates “the coast is clear”. In fact, the risk is not so much related to Dynamics itself, but to any third-party solutions or other apps running on company devices that rely on Java.
If a third-party add-on relies on Apache Log4j (a logging tool used in many Java-based apps), then it is possible that attackers will leverage that software to gain access to critical servers. It is important that your IT organization reviews your environment carefully to identify potential risks, including every Java application and bundled Log4j library, not just the Dynamics products themselves. Most ISV applications have already published, or should soon publish, the risk status of their apps on their company websites or blogs.
Protection begins with the latest software updates.
Of course, applying the latest software patches and security updates across all systems is always a best practice to mitigate potential ransomware risk.
“This is why our team is constantly evangelizing the importance of keeping security updates, patches and application versions up to date,” states Carolyn Norton, Director of Cloud Engineering and Operations for Velosio. “Even solutions we’ve relied upon for years can become targets seemingly out of nowhere.”
For detailed information on the Apache Log4j vulnerability, you may want to read through some of the articles below.
- 2021-12-11 Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
- 2021-12-11 Guidance for Preventing, Detecting, and Hunting for CVE-2021-44228 Log4j 2 Exploitation
- 2021-12-13 Microsoft Dynamics GP Forum Thread on Log4J Vulnerability
- 2021-12-13 Microsoft Tech Community “How Defender for Cloud displays machines affected by Log4j vulnerabilities”
“This isn’t over,” Norton continues. “Companies will need to be vigilant and keep a close eye on their environments as research into potential exploits related to Apache Log4j 2 continues. The best thing they can do is to leverage Microsoft 365 Defender to protect their environments.”
Microsoft has begun rolling out updates to the Threat and Vulnerability Management capabilities in Microsoft Defender for Endpoint to surface vulnerable Log4j library components. These capabilities automatically discover vulnerable Log4j libraries on Windows clients and Windows servers. Support for Linux and macOS is in the works and will roll out soon.
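The environment review recommended above, and the library discovery that Defender for Endpoint performs on Windows, both come down to the same check: find every log4j-core jar on disk, read its version, and flag builds that still ship the JNDI lookup class and predate the 2.15.0 fix for CVE-2021-44228. The script below is an added example, not code from Velosio or Microsoft; it runs on any platform and builds two constructed sample jars in a temporary directory to demonstrate the scan.

```python
"""Inventory log4j-core jars under a directory and flag builds affected by
CVE-2021-44228 (fixed in 2.15.0). Added example; demo() jars are constructed."""
import os, re, tempfile, zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # first log4j-core release that closed CVE-2021-44228

def inspect_jar(path):
    """Return (version, has_jndi_lookup) for a log4j-core jar, else None."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            if POM_PROPS not in names:
                return None
            props = zf.read(POM_PROPS).decode("utf-8", "replace").splitlines()
            ver = next((p.split("=", 1)[1] for p in props if p.startswith("version=")), "unknown")
            return ver.strip(), JNDI_CLASS in names
    except zipfile.BadZipFile:  # not a real archive; skip it
        return None

def is_affected(version, has_jndi_lookup):
    # Numeric prefix padded to three parts; an unparsable version becomes
    # (0, 0, 0) and is treated as affected whenever the lookup class is present.
    v = (tuple(int(x) for x in re.findall(r"\d+", version)[:3]) + (0, 0, 0))[:3]
    return has_jndi_lookup and v < FIXED

def scan_tree(root):
    """Walk root; return sorted [(path, version, affected)] per log4j-core jar."""
    out = []
    for d, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(".jar"):
                info = inspect_jar(os.path.join(d, f))
                if info:
                    out.append((os.path.join(d, f), info[0], is_affected(*info)))
    return sorted(out)

def build_sample_jar(path, version):
    """Constructed minimal jar carrying only the markers the scanner keys on."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\n")
        zf.writestr(JNDI_CLASS, b"")

def demo():
    """Throwaway tree: one unpatched 2.14.1 jar beside a patched 2.17.1 jar."""
    root = tempfile.mkdtemp()
    build_sample_jar(os.path.join(root, "a-log4j-core-2.14.1.jar"), "2.14.1")
    build_sample_jar(os.path.join(root, "b-log4j-core-2.17.1.jar"), "2.17.1")
    return scan_tree(root)
```

Point `scan_tree` at application install directories and server roots to get an inventory to compare against each ISV's published risk status; the check looks only at top-level jars, so archives nested inside .war or .ear files and the 2.12.x/2.3.x backport lines need separate handling.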
If you have concerns and would like to connect with a Microsoft Azure or Dynamics 365 expert for advice, reach out to our support team or your Velosio CSM directly.