[Update] Precautionary steps to protect M365 Security Plus from Log4j vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)
This post has been updated on 05/01/2022.
M365 Security Plus uses the affected log4j version in a bundled dependency. Our security experts are analyzing the issue and, as of now, we have no conclusive evidence that our product is affected by it. However, we strongly recommend that all our customers follow the steps below as a precautionary measure.
Precautionary steps to take against this vulnerability:
Step 1: Stop M365 Security Plus.
Step 2: Go to the <M365 Security Plus installation directory>\elasticsearch\lib folder.
Step 3: Locate and save a backup of the below-mentioned files, and remove them from the lib folder.
Step 4: Download and extract the below-mentioned files from this zip and add them to the <M365 Security Plus installation directory>\elasticsearch\lib folder.
Step 5: Navigate to the <M365 Security Plus installation directory>\elasticsearch\plugins\search-guard-6 folder.
Step 6: Locate and save a backup of the log4j-slf4j-impl-2.11.1.jar or log4j-slf4j-impl-2.16.0.jar file, and remove it from the search-guard-6 folder.
Step 7: Download the log4j-slf4j-impl-2.17.0.jar file from here and add it to the <M365 Security Plus installation directory>\elasticsearch\plugins\search-guard-6 folder.
Step 8: Start M365 Security Plus.
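Once the steps are complete, a check like the following confirms that no older log4j JAR remains in the two folders the steps touch, and that no backup copy was left beside its replacement. It is an added example, not part of the original advisory or the vendor's tooling; the `-InstallDir` parameter and the `log4j-*.jar` file-name pattern are assumptions, and the 2.17.0 minimum is taken from Step 7.

```powershell
# Added example (not vendor code): audit log4j JAR versions after the replacement steps.
# Assumptions: -InstallDir is your M365 Security Plus installation directory, and
# log4j JARs are named log4j-<artifact>-<major.minor.patch>.jar.
param(
    [Parameter(Mandatory = $true)][string]$InstallDir,
    [version]$MinVersion = '2.17.0'
)

$folders = @(
    (Join-Path $InstallDir 'elasticsearch\lib'),
    (Join-Path $InstallDir 'elasticsearch\plugins\search-guard-6')
)

$results = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Folder not found: $folder"
        continue
    }
    Get-ChildItem -LiteralPath $folder -Filter 'log4j-*.jar' -File | ForEach-Object {
        $artifact = $_.BaseName
        $version  = $null
        $status   = 'UNKNOWN'          # file name did not carry a parsable version
        if ($_.Name -match '^(log4j-.+)-(\d+\.\d+\.\d+)\.jar$') {
            $artifact = $Matches[1]
            $version  = [version]$Matches[2]
            $status   = 'OK'
            if ($version -lt $MinVersion) { $status = 'OLD' }
        }
        [pscustomobject]@{
            Folder = $folder; File = $_.Name; Artifact = $artifact
            Version = $version; Status = $status
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

$results | Format-Table -AutoSize File, Version, Status, SHA256, Folder

# Two versions of one artifact in the same folder means a backup was left on the
# classpath; the backups from Steps 3 and 6 belong outside these folders.
$duplicates = @($results | Group-Object Folder, Artifact | Where-Object { $_.Count -gt 1 })
foreach ($d in $duplicates) { Write-Warning "Multiple versions present: $($d.Name)" }

$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if (-not $results) { Write-Warning 'No log4j JARs found; check -InstallDir.'; exit 2 }
if ($bad.Count -gt 0 -or $duplicates.Count -gt 0) { exit 1 }
Write-Output "All log4j JARs are at or above $MinVersion."
```

The SHA256 column can be compared against the hashes of the files you downloaded, to confirm the JARs in place are the ones you intended to install.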
M365 Security Plus' latest release, 4500, contains log4j version 2.17.0. M365 Security Plus is not affected by the latest log4j vulnerability (CVE-2021-44832). Customers who want to replace log4j version 2.17.0 with 2.17.1 can carry out the steps outlined in this post. Log4j 2.17.1 download links are provided below:
M365 Security Plus Team
Direct Inward Dialing: +1-408-916-9836