[ALERT8188] Information regarding the Log4j 2 vulnerability

Alert Details

On December 10th, ESET began researching a vulnerability in the Log4j 2 utility (CVE-2021-44228). This vulnerability may allow an attacker to remotely execute code.

For more information about the vulnerability, read our WeLiveSecurity article.

ESET engineering teams are working around the clock to identify, patch and protect any potentially vulnerable systems. At present we are not aware of any data exfiltration.

Mitigation steps: Follow the instructions in the WeLiveSecurity article Log4Shell vulnerability: What we know so far.

ESET Secure Authentication (ESA) users: Upgrade to ESA version 3.0.40 or later, or manually update your Elasticsearch instance.

ESET Enterprise Inspector (EEI) users: Add detection rules in EEI to detect Log4j.

List of ESET products that can protect your system or network

As of December 11th, the Network Attack Protection feature in ESET security products on Windows was updated to detect exploits of the vulnerability. ESET has been blocking attempted attacks since 14:24 CET the same day.

The following ESET products are able to detect and block a potential attack on your system or network. If you are using an earlier version of an ESET security product, we recommend that you upgrade it to the latest version.

  • Business products: ESET Endpoint Antivirus, ESET Endpoint Security and all ESET Server Security products version 7.0 and later.
  • Consumer products: ESET Internet Security, ESET Smart Security and ESET Smart Security Premium version 6.0 and later.

List of ESET products verified to be safe from the Log4j 2 vulnerability

As of December 15th, the ESET products listed below have been verified and confirmed not to be affected by the Log4j 2 vulnerability. That means the following products cannot be exploited to remotely execute code.

  • On-premises products:
    ESET Security Management Center
    ESET Remote Administrator
    ESET Enterprise Inspector
    ESET NOD32 Antivirus/Internet Security/Smart Security Premium for Windows
    ESET Endpoint Antivirus/Endpoint Security for Windows
    ESET Server Security for Microsoft Windows Server (formerly ESET File Security for Microsoft Windows Server)
    ESET Security for Microsoft SharePoint Server
    ESET Mail Security for Exchange
    ESET Mail Security for IBM Domino (formerly ESET Mail Security for IBM Lotus Domino)
    ESET Mobile Security for Android
    ESET Parental Control for Android
    ESET HOME - Mobile Apps
    ESET Server Security for Linux (formerly ESET File Security for Linux)
    ESET Security for Kerio
    ESET Endpoint Antivirus for Linux
    ESET Virtualization Security for VMware NSX
    ESET Mail/File/Gateway Security for Linux/BSD v4.5
    ESET NOD32 Antivirus for Linux v4 (Home and Business Edition)
    ESET Endpoint Antivirus/Endpoint Security for macOS
    ESET Cyber Security/Cyber Security Pro
    DEM for ConnectWise Automate
    DEM for (Solarwinds) N-able
    DEM for (Solarwinds) RMM
    DEM for NinjaOne
    DEM for Datto
    PSA Plugins 

  • Cloud products:
    ESET PROTECT Cloud (formerly ESET Cloud Administrator)
    ESET Enterprise Inspector Cloud
    ESET Cloud Office Security
    RMM for Kaseya
    ESET Secure Authentication Cloud 

  • Encryption products:
    ESET Endpoint Encryption
    ESET Endpoint Encryption for macOS
    ESET Endpoint Encryption Server
    ESET Full Disk Encryption
    ESET Full Disk Encryption for macOS

  • Portals:
    ESET Business Accounts
    ESET MSP Administrator
    ESET License Administrator

  • Tools/Other:
    ESET Shared Local Cache
    Rogue Detection Sensor
    Remote Deployment Tool