Is docs.microsoft.com or Visual Studio subscription site impacted by "Apache Log4j 2" library. This vulnerability is identified as CVE-2021-44228

Question

Is learn.microsoft.com or Visual Studio subscription site impacted by "Apache Log4j 2" library. This vulnerability is identified as CVE-2021-44228?

Answer 1

Might ask them here. (create a new issue)
https://github.com/MicrosoftDocs/windowsserverdocs/issues

and for Visual Studio subscription issues you can submit a ticket here for support.
https://visualstudio.microsoft.com/subscriptions/support/

or chat online with them
https://learn.microsoft.com/en-us/visualstudio/subscriptions/vs-concierge-chat

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

Hello @Greg Read

You can find Microsoft official guide and statements here:

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/new-blog-post-microsoft-s-response-to-cve-2021-44228-apache/m-p/3037435

https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

Hope this helps with your query,

-----------

--If the reply is helpful, please Upvote and Accept as answer--

Answer 3

This is a fairly generic response to the issue. When will Microsoft issue a more specific response on remediation completion?

Answer 4

Read on here.
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

--please don't forget to upvote and Accept as answer if the reply is helpful--