Sql Server - Log4j vulnerability

T A 1 Reputation point
2021-12-29T17:43:33.667+00:00

how do I fix the Log4j vulnerability on my SQL Server

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,742 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmeliaGu-MSFT 13,961 Reputation points Microsoft Vendor
    2021-12-30T02:17:27.353+00:00

    Hi TA-0956,

    Welcome to Microsoft Q&A.

    Microsoft is currently evaluating the presence of older versions of log4j shipped with some of the product components. While these files are not impacted by the vulnerabilities in CVE-2021-44228 or CVE-2021-4104, the respective engineering teams are assessing their use of these files to determine their long-term plans to address the end of life for Log4J 1.2.
    Note that if installing java support and deploys Java Archives (JARS) that depend on the Log4j 2 library, they are advised to upgrade to the latest version or remove Java Archives (JARs) that require the dependency.
    For the most up to date information on the issue status, please refer to the MSRC Advisory and Microsoft Security Threat Intelligence sites.

    Best Regards,
    Amelia

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments
  2. Tom Phillips 17,716 Reputation points
    2021-12-29T17:59:29.563+00:00
    0 comments