• Tip for the weekend – scanning for Log4j vulnerabilities

    Posted on January 9, 2022 at 00:32 CST by Comment in the Forums

    Video here

    I wrote about this the other day in the newsletter to check your computer for the Log4j2 vulnerability. So far the good news is that I’ve not seen active attacks in consumer computers, but I have seen vendors taking action to patch their software in business software. Now comes word that the Federal Trade Commission is reaching out to warn vendors to step up and ensure that their software is patched.

    While I don’t see this as an issue for consumers, it’s still a concern for those of us in small businesses, as we don’t have the power to demand stuff from our vendors. For us, it is what it is.

    I’ve found a tool that does a better job of identifying if your system has vulnerable code. It’s from Qualys and can be downloaded here. 

    You download the zip file, extract it. Now open up a command window, right mouse click to run as admin and leave it open. (watch the video for a demonstration)

    Get yourself to where you downloaded the file (this is often the tricky part) and then run the command log4jscanner.exe

    Now wait for it to scan your drives. This may take some time. On my laptop it found nothing on the drive. On my machine that I am typing this up from, it found some old files on my spare E drive.  I can remove them with no issues. But on my office computers, it found files on some line of business vendor software that I use.

    So now what? It’s active software so I can’t uninstall it. But keep in mind that the attacker has to get on to your system first, unlike the cloud vendors I don’t have the vulnerable software exposed directly to the web. So they have to get on my system first. And that means to me that they can nail me lots of OTHER ways first. So while I am going to reach out to my vendor, I’m not panicking.  But it is interesting to see how the FTC is getting into the act of pushing our vendors to get better.

    So if you are a small business tech person like me?  Check your computers to see what vendors you need to push.

     

     

    Security, Small Business Computing
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.