Global data security, personal data securit via freepik
Business vector created by jcomp - www.freepik.com

Microsoft Defender is getting new tools to help protect customers against the Log4j vulnerabilities that allow the spread of the Log4Shell exploit. Specifically, Microsoft has updated Microsoft 365 Defender and Defender for Containers.

In fact, Microsoft Defender for Containers is an entirely new service that Microsoft debuted earlier this month. It is a combination of Defender for container registries and Defender for Kubernetes. The company says there are also some new features added on top, including vulnerability assessment and advanced threat detection.

Microsoft is also now adding the ability to discover when containers are carrying the Log4Shell exploit.

Advertisement

Microsoft initially announced it was tracking an active exploit of a Log4j flaw earlier this month and that it has the potential to infect millions of systems. Log4Shell is rated as a critical flaw within the open-source logging library. Because Log4j is common in cloud services, the potential for this exploit to be dangerous is high.

The company later said state-sponsored groups are actively using the exploit too. Versions 2.0 to 2.14.1 of the Log4j software has a vulnerability that allows attackers to engage in remote execution attacks. If successful, the hack leaves the threat actor with control of the device. Apache Software Foundation has set out version 2.15.0 to patch the flaw.

Protection

Defender for Containers now has the ability to detect all three vulnerabilities that have been found in Log4j, allowing users to take action and install patches. The platform scans images automatically when they come from an Azure container registry or in a Kubernetes cluster.

“We will continue to follow up on any additional developments and will update our detection capabilities if any additional vulnerabilities are reported,” the team says in an update to Microsoft’s first blog post.

Microsoft 365 Defender is getting similar protection against the log4j flaws. In a tweet, the Microsoft threat intelligence division confirmed the M365 Defender dashboard will “help customers identify and remediate files, software, and devices exposed to the Log4j vulnerabilities.”

Following the initial disclosure of the vulnerabilities, Microsoft also updated Azure Sentinel with the ability to track and report Log4j flaws.

Tip of the day: Windows lets you use Cortana to translate sentences, words, or phrases, with the results read back to you automatically. This makes it particularly useful for group scenarios, but you can also type if you’re unsure about pronunciation. Cortana translation sports an impressive 40 languages and utilizes machine learning to provide natural results in many cases. Check our full guide to learn how to use Cortana for quick translations.

Advertisement