Log4J vulnerability azure HDinsights

UDAYA SRINIVASARAO KOTHAMASU 1 Reputation point
2021-12-14T06:38:47.437+00:00

As there is a Log4J vulnerability trending recently. May I get clarifications for the below points.

1) How the Log4J vulnerability impacting HDInsight service ? Any Impact on Yarn/Hive/Spark logging utilities

2) How can I prevent or take precautions from getting affected by Log4J?

3) Microsoft released any patches for mitigating this vulnerability?

4) does it affect any other applications released by Microsoft like Azure Cluster HDInsight Spark 2.4 (HDI 4.0)

Kindly provide the updates on this.

Azure HDInsight
Azure HDInsight
An Azure managed cluster service for open-source analytics.
202 questions
{count} votes

1 answer

Sort by: Most helpful
  1. PRADEEPCHEEKATLA-MSFT 83,566 Reputation points Microsoft Employee
    2021-12-14T07:09:37.847+00:00

    Hello @UDAYA SRINIVASARAO KOTHAMASU ,

    Thanks for the question and using MS Q&A platform.

    Microsoft is aware of active exploitation of a critical Log4j Remote Code Execution vulnerability affecting various industry-wide Apache products. This vulnerability is in the open source Java component Log4J versions 2.0 through 2.14.1 (inclusive) and is documented in Apache CVE-2021-44228.

    Azure HDInsight Engineering team has built a patch and currently applied it to all clouds. Public cloud patching is already completed. No customer action is needed at this time. The patch is applicable to both HDInsight 3.6 and 4.0 clusters.

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators