



Microsoft has announced the introduction of new features in Defender for Containers and Microsoft 365 Defender products to identify and fix widespread vulnerabilities in Apache Log4j.

Defender for Containers debuted on December 9, merging the existing Microsoft Defender for Kubernetes with Microsoft Defender for container registries and adding new capabilities such as Kubernetes-native deployment, advanced threat detection, and vulnerability assessment.

On Monday night, Microsoft revealed that it has updated its Defender for Containers solution to enable detection of container images that are vulnerable to flaws in Log4j, a widely used logging software component.

Since the first report of a remote code execution flaw in Log4j on December 9, Defender for Containers has gained the ability to detect images affected by the three publicly patched Log4j vulnerabilities.

Vulnerability scan

Container images are automatically scanned for vulnerabilities when pushed to the Azure container registry, pulled from the Azure container registry, and run in Kubernetes clusters, Microsoft's threat intelligence team wrote in an update to its blog post on the Log4j vulnerabilities.

According to Microsoft, the ability to scan for vulnerabilities in container images running in Kubernetes clusters leverages technology from the cyber security firm Qualys.

In the post, the team said it will continue to follow up on additional developments and update its detections if further vulnerabilities are reported.

Microsoft Defender for Containers supports all Kubernetes clusters certified by the Cloud Native Computing Foundation. It has been tested with Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service on Azure Stack HCI, AKS Engine, Azure Red Hat OpenShift, and Red Hat OpenShift (version 4.6 and above), as well as Kubernetes, VMware Tanzu Kubernetes Grid, and Rancher Kubernetes Engine.

Microsoft 365 Defender Update

Meanwhile, Microsoft said it has introduced an integrated dashboard in Microsoft 365 Defender for managing threats and vulnerabilities related to the Log4j flaws. The dashboard helps customers identify and remediate files, software, and devices that are exposed to the Log4j vulnerabilities, Microsoft's threat intelligence team tweeted.

According to Microsoft, these features are supported on Windows, Windows Server, and Linux. However, for Linux, the feature requires an update to version 101.52.57 or later of the Microsoft Defender for Endpoint Linux client.

This dedicated Log4j dashboard provides an integrated view of various findings across vulnerable devices, vulnerable software, and vulnerable files, the threat intelligence team said in a blog post.

In addition, Microsoft said it has added a new advanced hunting schema to Microsoft 365 Defender. It surfaces file-level findings from disk and makes it possible to correlate them with additional context through advanced hunting queries.

These new features are being integrated into the existing threat and vulnerability management experience and rolled out gradually, Microsoft's threat intelligence team said in a post.

The detection targets both installed applications whose CPE (Common Platform Enumeration) entries are known to be vulnerable to the Log4j RCE and vulnerable Log4j Java Archive (JAR) files found on disk.
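As an added illustration (this is not Microsoft's detection code), the file-level JAR check described above can be approximated by walking the archives on a host, reading the Maven pom.properties that log4j-core ships inside its JAR, and flagging any version older than 2.17.1, the release the article names as the latest patch; nested WAR/EAR/fat-JAR containers are descended into, and make_sample_archive builds a constructed fixture so the scanner can be exercised offline. The file path, version threshold and function names are this example's own assumptions.

```python
import io
import os
import zipfile

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"  # shipped in every log4j-core JAR
FIXED_VERSION = (2, 17, 1)  # release the article says closes CVE-2021-44832
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); non-numeric fragments count as 0 so odd suffixes still compare."""
    return tuple(int("".join(c for c in p if c.isdigit()) or 0) for p in text.strip().split("."))

def scan_archive(data, label, findings):
    """Append (label, version, vulnerable) for each log4j-core in data, descending into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a ZIP container, nothing to inspect
    with zf:
        if POM_PROPS in zf.namelist():
            props = zf.read(POM_PROPS).decode("utf-8", "replace").splitlines()
            version = next((l.split("=", 1)[1].strip() for l in props if l.startswith("version=")), None)
            if version:
                findings.append((label, version, parse_version(version) < FIXED_VERSION))
        for name in zf.namelist():
            if name.lower().endswith(ARCHIVE_SUFFIXES):  # fat JAR, WAR or EAR: look inside
                scan_archive(zf.read(name), label + "!" + name, findings)
    return findings

def scan_directory(root):
    """Walk root on disk and return [(path, version, is_vulnerable), ...]."""
    findings = []
    for path in (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs):
        if path.lower().endswith(ARCHIVE_SUFFIXES):
            with open(path, "rb") as fh:
                scan_archive(fh.read(), path, findings)
    return findings

def make_sample_archive(version, wrap_as=None):
    """Constructed fixture (not a real Log4j build): minimal log4j-core-style JAR, optionally nested under wrap_as."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\nversion=%s\n" % version)
    if wrap_as is None:
        return inner.getvalue()
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr(wrap_as, inner.getvalue())
    return outer.getvalue()
```

Calling scan_directory("/opt/apps") on a real host returns one tuple per log4j-core found, with the nested path recorded as outer.war!WEB-INF/lib/inner.jar.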

Support for macOS is planned

Microsoft said it is working to add support for these Microsoft 365 Defender features on Apple's macOS, and that the features for macOS devices will be rolled out soon.

The new Log4j protections join capabilities already available in other Microsoft products for addressing the vulnerability, known as Log4Shell. Those products include Microsoft Sentinel, Azure Firewall Premium, Azure Web Application Firewall, RiskIQ EASM and Threat Intelligence, Microsoft Defender Antivirus, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud, and Microsoft Defender for IoT.

Microsoft is itself a major cyber security vendor with 650,000 security customers, as well as offering some of the largest platforms and cloud services used by enterprises.

Microsoft reports that it is monitoring activities that exploit Log4Shell, such as ransomware deployment attempts, crypto mining, credential theft, lateral movement, and data breaches.

The company previously said it had observed activity by multiple cybercriminal groups attempting to exploit a Log4j vulnerability to establish network access. These suspected access brokers are expected to later sell that access to ransomware operators.

Their involvement suggests that an increase in human-operated ransomware attacks could follow on both Windows and Linux systems, the company said.

Widespread vulnerability

Microsoft and cyber security company Mandiant also said they have observed activity from nation-state groups linked to countries such as China and Iran that are trying to exploit the Log4j vulnerability. According to Microsoft, an Iranian group known as Phosphorus, which had previously deployed ransomware, was seen acquiring and modifying a Log4j exploit.

In addition, the company previously said it had observed a new ransomware family called Khonsari that exploited the Apache Log4j vulnerability to attack Minecraft servers not hosted by Microsoft.

Many enterprise applications and cloud services written in Java are potentially vulnerable due to flaws in Log4j versions prior to 2.17.1, which was released today. The open source logging library is believed to be used in some way, either directly or indirectly, by the majority of large organizations that rely on the Java framework.

Log4j version 2.17.1 addresses a newly discovered vulnerability (CVE-2021-44832); it is the fourth patch for a Log4j vulnerability since the RCE flaw was first disclosed.

A fairly ambiguous set of conditions is required to trigger the newly discovered Log4j vulnerability, said Casey Ellis, founder and chief technology officer of Bugcrowd, in a statement shared with VentureBeat. Therefore, while it is important for people to pay attention to the newly released CVE for situational awareness, this CVE does not appear, at present, to put them at increased risk of breaches via Log4j.

This article has been updated to reflect the release of Log4j version 2.17.1 and to add comments from Bugcrowd's Casey Ellis.

