[Update] Precautionary steps to protect M365 Security Plus from Log4j vulnerability (CVE-2021-44228, CVE-2021-45046 , CVE-2021-45105 and CVE-2021-44832)
Step 1: Stop M365 Security Plus.
Step 2: Go to <M365 Security Plus installation directory>\elasticsearch\lib folder.
Step 3: Locate and save a backup of the below mentioned files, and remove them from the lib folder.
log4j-1.2-api-2.11.1.jar
log4j-api-2.11.1.jar
log4j-core-2.11.1.jar
(or)
- log4j-1.2-api-2.16.0.jar
- log4j-api-2.16.0.jar
- log4j-core-2.16.0.jar
Step 4: Download and extract the below mentioned files from this zip and add them in <M365 Security Plus installation directory>\elasticsearch\lib folder
log4j-1.2-api-2.17.0.jar
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
Step 5: Navigate to <M365 Security Plus installation directory>\elasticsearch\plugins\search-guard-6 folder.
Step 6: Locate and save a backup of the log4j-slf4j-impl-2.11.1.jar or log4j-slf4j-impl-2.16.0.jar file, and remove the same from the search-guard-6 folder.
Step 7: Download log4j-slf4j-impl-2.17.0.jar file from here and add it in <M365 Security Plus installation directory>\elasticsearch\plugins\search-guard-6 folder.
- M365 Security Plus' latest release, 4500, contains log4j version 2.17.0. M365 Security Plus is not affected by the latest log4j vulnerability (CVE-2021-44832). Customers who want to replace log4j version 2.17.0 with 2.17.1 can carry out the steps outlined in this post. Log4j 2.17.1 download links are provided below: