Hi,
If I am reading this https://kb.vmware.com/s/article/87081#vCenter67 correctly, the VMware vCenter Server and modules for Windows is not affected by the log4j?
/Bjarne
Ciao
The Windows vCenter is affect.
Check this Link
Workaround instructions to address CVE-2021-44228 in vCenter Server Windows (87096) (vmware.com)
Ciao
The Windows vCenter is affect.
Check this Link
Workaround instructions to address CVE-2021-44228 in vCenter Server Windows (87096) (vmware.com)
thank you ( found it as well hunting for more log4j errors) https://kb.vmware.com/s/article/87096
Thanks for reponse, are we able to fetch which log4j version are using by windows Vcenter?
DOH vMON.py is an attachment to the workaround.
Best regards
Bjarne
There is a Powershell script in this Reddit post, that will give you a list for those files on the server/pc.
https://old.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/
The result I get, with the lastest version of vcenter installed, is that I have 2.11.2 and 2.8.2 on my installation.