Hi @Sean ,
Microsoft products do not by default ship or use Log4J, which means they are not directly vulnerable.
The Log4J vulnerability concerns the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.
Note: Only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.
Reference:
https://logging.apache.org/log4j/2.x/security.html
----------
If the reply was helpful please don't forget to upvote
and/or accept as answer
, thank you!
Best regards,
Leon