Log4Shell / Log4J Detection
Detects and reports Log4Shell / Log4J vulnerabilities.
Worklet Details
When should you use the Log4Shell and/or Log4J Detection Worklet?
Use this PowerShell Worklet to scan all of the fixed drives on a Windows system to detect Log4Shell or Log4J vulnerabilities so that you can remediate them.
What is the Log4j vulnerability?
Initially reported on November 24, 2021, as an instant CVSS 10 out of 10 in severity, the Apache Log4j vulnerability – which is a remote code execution vulnerability – put hundreds of millions of endpoints at risk.
Log4j or Log4Shell is a zero-day unauthenticated remote code execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1 identified as CVE-2021-44228. Log4Shell scores a perfect 10.0 on CVSS, the maximum possible criticality for a vulnerability. Since the initial vulnerability and subsequent patch, there have been several other vulnerabilities discovered and patched. You can learn more about the timeline of Log4j/Log4Shell events and the full scope of impact here.
How to detect a Log4j vulnerability on your systems via this Worklet
This Worklet uses a PowerShell script to scan all of the fixed drives on a system to detect any Log4Shell or Log4J vulnerabilities. It will post the results for each system to the activity log in the Automox console.
The script will deliver either a PASS or FAIL. For example:
FAIL: The following Java applications contain Log4j JndiLookup, do not appear to have been updated to Log4J 2.16+ or Log4J 2.12.2+, and are likely subject to Log4Shell (CVE-2021-44228, CVE-2021-45046).
PASS: No Java applications containing unpatched Log4j were found.
The code for this Worklet was derived from code shared with the Automox community by David Ries at Arctic Wolf.
Why you should scan fixed drives for Log4j now
Scanning fixed drives helps detect any instances of Log4j and determine if the system is susceptible to exploitation. By scanning fixed drives for the Log4j vulnerability, you’ll be able to accurately assess the level of risk present in the system. You can then identify which applications, libraries, or systems are vulnerable and prioritize your mitigation efforts accordingly with the latest security patches and updates.
TRY WORKLETS TODAY FOR FREE
Start now and begin controlling your endpoints within 15 minutes.
No credit card required. By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in
Consider Worklets your easy button
What's a Worklet?
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
AUTOMOX + WORKLETS™
Supercharge your endpoint management
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy
