In cursory: Microsoft has announced updates for deject-based versions of its security software to fight the Log4j vulnerability. Log4j has generally been patched but can still affect some servers that could use help from Microsoft Defender.

Microsoft revealed that since mid-December, information technology has been releasing updates for Microsoft Defender for 365 that add together automated methods of detecting and fighting Log4j vulnerabilities. At present Defender can continuously watch for and identify vulnerabilities.

The latest version can detect vulnerable Log4j library components as well as vulnerable installed software that use the Log4j library. Microsoft added a dedicated Log4j dashboard with a consolidated view of discovered vulnerabilities.

DeviceTvmSoftwareEvidenceBeta is a new schema the update introduces which brings upward file-level findings from the disk and lets users correlate them with added context for advanced hunting. Users can too at present find vulnerabilities in installed programs with DeviceTvmSoftwareVulnerabilities in combination with DeviceTvmSoftwareEvidenceBeta.

These updates utilize to 365, Microsoft Defender for Endpoint, and Microsoft Defender for Containers. In improver to Windows 10 and 11, the updates are compatible with Windows Server 2008, 2022, and 2022. Linux users can get them if they update Defender for Linux to version 101.52.57 (30.121092.15257.0) or later.

Microsoft Defender for Containers is a cloud-based protection program that debuted in early December, designed specifically for protecting containers. The recent update lets it discover images vulnerable to Log4j. Information technology automatically scans them when they're pushed to an Azure container registry, pulled from one, or when they run on a Kubernetes cluster.

In the Azure portal, a recommendation that says "Container Registry images should have vulnerability findings resolved" should appear under "Microsoft Defender for Cloud," where Defender displays the vulnerable images. Users tin as well display just the vulnerable images currently running on a Kubernetes cluster, as well as view an Azure Resources Graph to become information about vulnerabilities across different clouds.

Image credit: Brett Sayles