I used the script to check all my assets for the LOG4J issue and got a few positive hits.
I am not really sure what to do now. Do I just need to update Java? One case is a client's critical LOB app that they have to use.
Another is unifi portals running on clients servers.
Update Unifi to 6.5.55 to cover both CVEs. It’s up to the individual app vendor to update their version of Log4j, this is not the same thing as the Java we install. You’ll need to do research and see if you can find any post about this particular LOB software. If you can’t, you may need to reach out to them. Many have reached out to their customers letting them know the status or if there is an update. There are two scripts that were released, you can run the remediation script that will band-aid it until the vendor releases an update.
There is an overview of the vulnerability and suggested workarounds for software without an update over at the Microsoft Security Response Center. Check out Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center.
The CyberDrain remediation script uses one of the workarounds.
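As an added illustration of what "checking assets" and the JndiLookup-removal workaround look like on disk (example code written for this page, not the CyberDrain script or any poster's code), the following inventories log4j-core jars under a directory and reports whether each still contains the JNDI lookup class. It assumes the version is in the jar filename and treats 2.17.0 as the minimum version to call fixed; the three sample jars are constructed fixtures.

```python
"""Inventory Log4j 2 core jars and flag those that still ship JndiLookup.class."""
import os
import re
import tempfile
import zipfile

# Class removed by the "delete JndiLookup from the jar" workaround.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
VERSION_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)")
FIXED_IN = (2, 17, 0)  # assumed minimum acceptable version; adjust to current vendor guidance


def jar_version(path):
    """Parse the version out of a log4j-core-X.Y.Z.jar filename (None if absent)."""
    m = VERSION_RE.search(os.path.basename(path))
    return tuple(int(x) for x in m.groups()) if m else None


def assess_jar(path):
    """Return (version, status): 'patched', 'mitigated' (class removed) or 'vulnerable'."""
    version = jar_version(path)
    with zipfile.ZipFile(path) as zf:
        has_jndi = JNDI_CLASS in zf.namelist()
    if version and version >= FIXED_IN:
        return version, "patched"
    if not has_jndi:
        return version, "mitigated"   # workaround applied, still update when the vendor ships one
    return version, "vulnerable"


def scan_tree(root):
    """Walk root and assess every log4j-core jar; keys are paths relative to root."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = assess_jar(full)
    return findings


def build_sample_tree():
    """Constructed fixtures: fake jars standing in for an LOB app, a UniFi install and a fixed app."""
    root = tempfile.mkdtemp()
    samples = {
        "lob-app/lib/log4j-core-2.14.1.jar": [JNDI_CLASS, "META-INF/MANIFEST.MF"],
        "unifi/lib/log4j-core-2.14.1.jar": ["META-INF/MANIFEST.MF"],  # class already removed
        "other/log4j-core-2.17.1.jar": [JNDI_CLASS, "META-INF/MANIFEST.MF"],
    }
    for rel, entries in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with zipfile.ZipFile(full, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")
    return root
```

Real deployments often embed log4j-core inside WAR or fat jars, so a production scan also needs to open nested archives; this version only checks jars sitting directly on the filesystem.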
Another attack vector that allows for a local trigger was documented this week. See An Analysis of The Log4Shell Alternative Local Trigger - Blumira
I just finished a bash script for my unifi server that whitelists only the client sites by IP/CIDR/DDNS. It was time to stop leaving it open to the world. I can post the script if anyone needs it.