
2021-12-13

[Important update] Customer response measures for the log4j zero-day vulnerability


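A zero-day vulnerability in the Java logging tool "log4j", together with exploit code for it, was recently made public and may be used by attackers in intrusion attacks. Security products that Docutek (達友科技) currently distributes also use this component, including Forcepoint DLP and FSM. To avoid being attacked, organizations that use log4j should apply the protective measures recommended below. Apart from Forcepoint, the vendors Menlo Security and OPSWAT have no affected products for the time being. Sophos states that only two products, Cloud Optix and Mobile EAS Proxy, are affected and need a patch, and that its other products are not affected. Docutek is continuing to carefully inventory the technical modules of each product and will keep this notice updated.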

 

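◎Recommended measures:
1. Set "log4j2.formatMsgNoLookups" to "True", or update log4j to "log4j-2.15.0-rc1" or a later version.

2. Users of Forcepoint products should add a string variable to the service's command-line parameters; refer to the content below for the relevant Forcepoint product.

Complete Forcepoint mitigation guide at a glance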

Forcepoint FSM (Forcepoint Security Manager)

1.    Open EIPManagerw.exe. By default, this is located at C:\Program Files (x86)\Websense\EIP Infra\tomcat\bin\EIPManagerw.exe

2.    Select the Java tab.

3.    In Java Options, add: -Dlog4j.formatMsgNoLookups=true

4.    Open Services (run command: services.msc)

5.    Right-click and restart Websense TRITON Unified Security Center 

·       If restarting from command line, the service name is EIPManager

Forcepoint DLP

1.    Open DSSManagerw.exe. By default, this is located at C:\Program Files (x86)\Websense\Data Security\tomcat\bin\DSSManagerw.exe

2.    Select the Java tab.

3.    In Java Options, add: -Dlog4j.formatMsgNoLookups=true

4.    Open Services (run command: services.msc)

5.    Right-click and restart Websense Data Security Manager

·       If restarting from command line, the service name is DSSManager

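The additional items that must be fixed in DLP for this vulnerability are shown in red below:

For the full content and file downloads, log in to the Forcepoint Customer Hub.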

Manual Mitigation Steps for the DLP Management server

Important: For the DLP Management server to be fully mitigated, customers must also run the manual procedure provided for the FSM component in CVE-2021-44228 Java log4j vulnerability mitigation with Forcepoint Security Manager. The procedure involves adding an identical line as described below to the Java Options tab of "EIP Infra\tomcat\bin\EIPManagerw.exe" and restarting the Websense TRITON Unified Security Center service.

Manual Mitigation for the Data Security Manager service:

  1. Launch %DSS_HOME%tomcat\bin\DSSManagerw.exe
  2. Select the Java tab.
  3. In the Java Options tab, append the following text in a new line:
    • -Dlog4j.formatMsgNoLookups=true
  4. Click OK.
  5. Open Services (run command: services.msc).
  6. Restart the Websense Data Security Manager service.

Manual Mitigation for the Data Security Batch Server service:

  1. Launch %DSS_HOME%Data-Batch-Server\service-config\DSSBatchServerw.exe
  2. Select the Java tab.
  3. In the Java Options tab, append the following text in a new line:
    • -Dlog4j.formatMsgNoLookups=true
  4. Click OK.
  5. Open Services (run command: services.msc).
  6. Restart the Websense Data Batch Server service.

Manual Mitigation for the Data Security Message Broker service:

  1. Launch %DSS_HOME%MessageBroker\service-config\DSSMessageBrokerw.exe
  2. Select the Java tab.
  3. In the Java Options tab, append the following text in a new line:
    • -Dlog4j.formatMsgNoLookups=true
  4. Click OK.
  5. Open Services (run command: services.msc).
  6. Restart the Websense Data Security Message Broker service.

Manual Mitigation for the DLP Endpoint Server Connector service:

  1. Access the %DSS_HOME%EPS_CAMEL\service-config folder.
  2. Back up the log4j2.xml file.
  3. Download the log4j2.xml file attached to this article.
  4. Overwrite the log4j2.xml file with the downloaded log4j2.xml file.
  5. Open Services (run command: services.msc).
  6. Restart the Websense DLP Endpoint Server Connector service.

Manual Mitigation Steps for DLP Supplementary Servers

  1. Access the %DSS_HOME%EPS_CAMEL\service-config folder.
  2. Back up the log4j2.xml file.
  3. Download the log4j2.xml attached to this article.
  4. Overwrite the log4j2.xml file with the downloaded log4j2.xml file.
  5. Open Services (run command: services.msc).
  6. Restart the Websense DLP Endpoint Server Connector service.
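
An inventory check for recommendation 1, added here as an example and not taken from Docutek or Forcepoint: it reads the Maven metadata inside each jar to find embedded log4j-core copies, including renamed jars, and compares the version with the 2.15.0 named above. The directory names and the `scan`, `action_for` and `build_sample_tree` helpers are constructed for illustration; the 2.10 lower bound for the flag comes from the Apache Log4j advisory, not from this page.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Maven metadata that log4j-core jars carry; it survives a renamed jar file.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def log4j_core_version(jar: Path):
    """Return (major, minor, patch) of the log4j-core inside jar, or None."""
    try:
        with zipfile.ZipFile(jar) as zf:
            if POM not in zf.namelist():
                return None
            text = zf.read(POM).decode("utf-8", "replace")
    except (zipfile.BadZipFile, OSError):
        return None
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def action_for(version):
    """Choice left by recommendation 1; the flag is only read by log4j 2.10+."""
    if version >= (2, 15, 0):
        return "updated"
    return "set-flag-or-update" if version >= (2, 10, 0) else "update-required"

def scan(root: Path):
    """Walk root and report every jar that embeds log4j-core."""
    report = {}
    for jar in sorted(root.rglob("*.jar")):
        version = log4j_core_version(jar)
        if version is not None:
            report[jar.relative_to(root).as_posix()] = (version, action_for(version))
    return report

def build_sample_tree(root: Path):
    """Constructed sample input: stub jars that hold only pom.properties."""
    samples = {"svc-a/lib/log4j-core-2.14.1.jar": "2.14.1",
               "svc-b/lib/logging.jar": "2.8.2",  # renamed jar
               "svc-c/lib/log4j-core-2.15.0.jar": "2.15.0"}
    for rel, ver in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(root / rel, "w") as zf:
            zf.writestr(POM, f"groupId=org.apache.logging.log4j\nversion={ver}\n")
    (root / "svc-a/lib/broken.jar").write_bytes(b"not a zip archive")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        print(scan(Path(tmp)))
```

On a real server, pass the product's installation directory to `scan` instead of the constructed sample tree.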

 

 
