
Microsoft updates Defender against Log4j vulnerability

Microsoft has updated several Defender solutions to address the recent Log4j vulnerability. Among other things, the updates help companies identify and resolve the Log4j vulnerabilities more quickly.

Specifically, the tech giant has released updates for its recently rolled out Defender for Containers and Microsoft 365 Defender solutions. Among other things, the updates allow Defender for Containers to discover container images that are vulnerable to the issues in Log4j.

Log4j update Defender for Containers

Defender for Containers now discovers images affected by Log4j's three vulnerabilities that allow remote code execution. Container images are now automatically scanned for these vulnerabilities when pushed to an Azure container registry, when pulled from an Azure container registry, and when running on a Kubernetes cluster. These latter scans are made possible, among other things, by technology from security specialist Qualys.

Microsoft's security solution supports various Kubernetes clusters, including the Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service on Azure Stack HCI, AKS Engine, Azure Red Hat OpenShift, Red Hat OpenShift (version 4.6 or above), VMware Tanzu Kubernetes Grid and Rancher Kubernetes Engine.

Update for Microsoft 365 Defender

The Log4j updates for Microsoft 365 Defender now provide a dashboard that lists threats and potential vulnerabilities related to Log4j. Through this dashboard, companies can identify and address these threats in files, software and devices.

The newly added functionality supports Windows, Windows Server and Linux. The Linux support requires end users to update to version 101.52.57 or later of the Microsoft Defender for Endpoint Linux client.

In addition, Microsoft 365 Defender has gained additional hunting capabilities that detect Log4j issues. The tech giant is also updating its version for macOS. This will be rolled out soon.

Other Microsoft products

The Defender for Containers and Microsoft 365 Defender updates are part of a broader set of updates that the tech giant is currently making to its solutions. These include Microsoft Sentinel, Azure Firewall Premium, Azure Web Application Firewall, RiskIQ EASM and Threat Intelligence, Microsoft Defender Antivirus, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud and Microsoft Defender for IoT.

Max Reisler
