Microsoft investigating Defender issue with Log4j scanner

Microsoft is investigating reports that the Apache Log4j vulnerability scanner in Defender for Endpoint is triggering erroneous alerts.

Update: The company told VentureBeat on Wednesday afternoon that it has resolved the issue (see below).

Microsoft released the scanner to help customers identify and remediate the flaws in Log4j, a popular logging software component. Microsoft disclosed an expansion of the Log4j scanning capabilities in Defender on Monday evening.

False positives

Today, reports emerged on Twitter of false positive alerts from the scanner, which reportedly inform admins that "Possible sensor tampering in memory was detected by Microsoft Defender for Endpoint." Twitter users reported seeing the issue as far back as December 23.

The reports prompted a response on Twitter from Tomer Teller, an executive in Microsoft's security business. "Thanks for reporting this. The team is looking into that," Teller said in a tweet.

"The team is analyzing why it triggers the alert (it shouldn't, of course)," he wrote in a second tweet.

In response to a question from VentureBeat about the reports, a Microsoft spokesperson said in a statement Wednesday afternoon that "we have resolved an issue for some customers who may have experienced a series of false-positive detections."

On Monday, Microsoft announced that it has rolled out new capabilities in its Defender for Containers and Microsoft 365 Defender offerings for addressing the Log4j vulnerabilities.

Defender for Containers can now discover container images that are vulnerable to the flaws in Log4j. Container images are scanned automatically for vulnerabilities when they are pushed to an Azure container registry, when they are pulled from an Azure container registry, and when they are running on a Kubernetes cluster, Microsoft's threat intelligence team wrote in an update to its blog post about the Log4j vulnerability.

Defender updates

Meanwhile, for Microsoft 365 Defender, the company said it has introduced a consolidated dashboard for managing threats and vulnerabilities related to the Log4j flaws. The dashboard will "help customers identify and remediate files, software, and devices exposed to the Log4j vulnerabilities," Microsoft's threat intelligence team tweeted.

These capabilities are supported on Windows and Windows Server, as well as on Linux, Microsoft said. On Linux, however, they require an update to version 101.52.57 or later of the Microsoft Defender for Endpoint Linux client.

This "dedicated Log4j dashboard" provides a "consolidated view of various findings across vulnerable devices, vulnerable software, and vulnerable files," the threat intelligence team wrote in the blog post.

Additionally, Microsoft said it has introduced a new schema in advanced hunting for Microsoft 365 Defender, "which surfaces file-level findings from the disk and provides the ability to correlate them with additional context in advanced hunting."

Microsoft said it is working to add support for these capabilities in Microsoft 365 Defender on Apple's macOS, and said the capabilities for macOS devices "will roll out soon."

Widespread vulnerabilities

Many enterprise applications and cloud services written in Java are potentially vulnerable to the flaws in Log4j prior to version 2.17.0. The open source logging library is believed to be used in some form, either directly or indirectly through a Java framework, by the majority of large organizations.

The latest patch for Log4j, version 2.17.1, was released Tuesday and addresses a newly discovered vulnerability (CVE-2021-44832). It is the fourth patch for flaws in the Log4j software since the initial disclosure of a remote code execution (RCE) vulnerability on December 9.

However, a number of security professionals say that the latest vulnerability does not pose an increased security risk for the majority of organizations. As a result, for many organizations that have already patched to version 2.17.0 of Log4j, released December 17, it should not be necessary to patch immediately to version 2.17.1.
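The file-level check that the dashboard above is meant to automate can be reproduced by hand. The following scanner is an added example written for this article; it is not code from the article or from Microsoft's Defender tooling. It opens JAR, WAR and EAR archives (including JARs nested inside other archives, where Log4j usually hides), reads the Log4j version from the standard Maven pom.properties entry, checks whether the JndiLookup class is still present, and maps the version to the CVEs it is still affected by. The fixed-in versions per release branch are taken from the Apache Log4j security advisories rather than from the article, and the sample archives are constructed in memory so the script runs offline.

```python
"""Added example: file-level scanner for vulnerable Log4j 2 core JARs (not from
the article or from Microsoft's Defender tooling; sample archives are constructed)."""
import io
import re
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Standard Maven metadata path and lookup class inside a log4j-core JAR.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED = (".jar", ".war", ".ear", ".zip")

# First fixed version per release branch, from the Apache Log4j security
# advisories (not from the article). 2.3.x is the Java 6 branch, 2.12.x the
# Java 7 branch; everything else is the 2.x mainline.
FIXES: List[Tuple[str, Dict[str, Tuple[int, int, int]]]] = [
    ("CVE-2021-44228", {"2.3": (2, 3, 1), "2.12": (2, 12, 2), "2.x": (2, 15, 0)}),
    ("CVE-2021-45046", {"2.3": (2, 3, 1), "2.12": (2, 12, 2), "2.x": (2, 16, 0)}),
    ("CVE-2021-45105", {"2.3": (2, 3, 1), "2.12": (2, 12, 3), "2.x": (2, 17, 0)}),
    ("CVE-2021-44832", {"2.3": (2, 3, 2), "2.12": (2, 12, 4), "2.x": (2, 17, 1)}),
]
# Deleting JndiLookup.class was Apache's documented mitigation for these two only.
JNDI_CVES = {"CVE-2021-44228", "CVE-2021-45046"}


@dataclass
class Finding:
    path: str                 # archive path; "!" separates nesting levels
    version: Optional[str]    # None when pom.properties is missing
    jndi_lookup_present: bool
    cves: List[str]           # empty when fixed, or when the version is unknown


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); garbage -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None


def affected_cves(version: Tuple[int, int, int], jndi_present: bool) -> List[str]:
    """CVEs a given log4j-core version is still affected by, in advisory order."""
    branch = "2.3" if version[:2] == (2, 3) else "2.12" if version[:2] == (2, 12) else "2.x"
    cves = [cve for cve, fixed in FIXES if version < fixed[branch]]
    if not jndi_present:  # class removed: JNDI-based CVEs are mitigated
        cves = [c for c in cves if c not in JNDI_CVES]
    return cves


def scan_archive(data: bytes, path: str) -> List[Finding]:
    """Scan one archive held in memory, recursing into nested archives."""
    findings: List[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = set(zf.namelist())
        jndi = JNDI_LOOKUP in names
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        if version is not None or jndi:
            parsed = parse_version(version) if version else None
            findings.append(Finding(path, version, jndi,
                                    affected_cves(parsed, jndi) if parsed else []))
        for name in sorted(names):  # uber-JARs, WAR/EAR libs, shaded copies
            if name.lower().endswith(NESTED):
                findings.extend(scan_archive(zf.read(name), f"{path}!{name}"))
    return findings


def build_jar(version: Optional[str], with_jndi: bool,
              nested: Optional[Tuple[str, bytes]] = None) -> bytes:
    """Construct a minimal test archive; the class bytes are a dummy placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
        if nested:
            zf.writestr(nested[0], nested[1])
    return buf.getvalue()


def demo() -> Dict[str, List[Finding]]:
    """Constructed sample archives covering the cases the scanner distinguishes."""
    samples = {
        "log4j-core-2.14.1.jar": build_jar("2.14.1", True),
        "log4j-core-2.12.2.jar": build_jar("2.12.2", True),   # Java 7 backport
        "log4j-core-2.17.0.jar": build_jar("2.17.0", True),
        "log4j-core-2.17.1.jar": build_jar("2.17.1", True),
        "stripped-2.14.1.jar": build_jar("2.14.1", False),    # JndiLookup removed
        "mystery.jar": build_jar(None, True),                 # no Maven metadata
        "app.war": build_jar(None, False,
                             ("WEB-INF/lib/log4j-core-2.16.0.jar", build_jar("2.16.0", True))),
    }
    return {name: scan_archive(data, name) for name, data in samples.items()}


if __name__ == "__main__":
    for found in demo().values():
        for f in found:
            print(f"{f.path}: version={f.version} jndi={f.jndi_lookup_present} cves={f.cves}")
```

Two points matter in practice. A scanner that compares only against the 2.17.x mainline misreports the 2.3.x and 2.12.x backport releases, which is one way a file-based check produces its own false positives; the per-branch table avoids that. And an archive with JndiLookup.class but no pom.properties (a repackaged or shaded copy) is reported with an unknown version rather than silently dropped, because that is exactly the case that needs a human to look at it.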

Article updated to include a response from Microsoft about the resolution of the false positives issue, along with new details about the version 2.17.1 patch for Log4j.
