
Cyber security firms and software developers are currently wrestling with an exploit of a Log4j vulnerability that has the potential to cause massive damage. Known as Log4Shell, the flaw is being exploited against organizations and could affect hundreds of millions of machines. Microsoft says it has updated Azure Sentinel, which can now detect, monitor, and investigate exploits related to the Log4j flaw.

If you are unfamiliar with Azure Sentinel, it works within Azure environments as a “cloud-native Security Information and Event Management (SIEM) tool.” Launched in 2019, it collects huge quantities of data from cloud-based services, such as Office 365 and third-party offerings.

Sentinel is a paid service within the Azure ecosystem and customers work directly with Microsoft by sending security logs to the company. Microsoft analyzes the data to find any holes in security.


In a blog post, Microsoft explains how Sentinel will now uncover instances of Log4Shell, allowing users to pass the information on to Microsoft for investigation:

“A new Microsoft Sentinel solution has been added to the Content Hub that provides content to monitor, detect and investigate signals related to exploitation of the recently disclosed Log4j vulnerability.”

Log4j Vulnerability

Microsoft initially announced it was tracking an active exploit of a Log4j flaw earlier this month and that it has the potential to infect millions of systems. Log4Shell is rated as a critical flaw within the open-source logging library. Because Log4j is common in cloud services, the potential for this exploit to be dangerous is high.

The company later said state-sponsored groups are actively using the exploit too. Versions 2.0 to 2.14.1 of the Log4j software have a vulnerability that allows attackers to carry out remote code execution attacks. If successful, the attack leaves the threat actor in control of the device. The Apache Software Foundation has released version 2.15.0 to patch the flaw.

However, for now there are potentially millions of systems that have not updated and remain at risk.
