
2021-12-13

[Important Update] Customer Response Measures for the log4j Zero-Day Vulnerability


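A zero-day vulnerability in the Java logging tool "log4j" and its exploit code have recently been made public and may be used by attackers. Some of the information security products that 达友 currently distributes also use this component, including Forcepoint DLP and FSM. To avoid being attacked, organizations that use log4j should apply the protective measures recommended below. Apart from Forcepoint, the vendors Menlo Security and OPSWAT currently have no affected products. Sophos states that only two products, cloud optix and mobile EAS proxy, are affected and need to be patched; its other products are not affected. 达友科技 is also continuing to carefully inventory the technical modules of each product and will keep this notice updated.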

 

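◎ Recommended measures:
1. Set "log4j2.formatMsgNoLookups" to "True", or update log4j to "log4j-2.15.0-rc1" or a later version.

2. Forcepoint product users should add a string variable to the service's command parameters; refer to the content below for the Forcepoint product in use.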

Complete Forcepoint mitigation walkthrough at a glance

Forcepoint FSM (Forcepoint Security Manager)

1.    Open EIPManagerw.exe. By default, this is located at C:\Program Files (x86)\Websense\EIP Infra\tomcat\bin\EIPManagerw.exe

2.    Select the Java tab.

3.    In Java Options, add: -Dlog4j.formatMsgNoLookups=true

4.    Open Services (run command: services.msc)

5.    Right-click and restart Websense TRITON Unified Security Center 

·       If restarting from command line, the service name is EIPManager

Forcepoint DLP

1.    Open DSSManagerw.exe. By default, this is located at C:\Program Files (x86)\Websense\Data Security\tomcat\bin\DSSManagerw.exe

2.    Select the Java tab.

3.    In Java Options, add: -Dlog4j.formatMsgNoLookups=true

4.    Open Services (run command: services.msc)

5.    Right-click and restart Websense Data Security Manager

·       If restarting from command line, the service name is DSSManager
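
A read-only check for step 3 of the two procedures above, added here as an example and not part of Forcepoint's instructions or code. It assumes the `*w.exe` managers are Apache Commons Daemon (procrun) monitors, which store Java Options in the registry under `Procrun 2.0\<service>\Parameters\Java`; that location is an assumption about these products, while the service names and the flag come from the steps above.

```powershell
# Added example: report whether the mitigation flag is present in each
# service's stored Java Options. Makes no changes to the system.
# ASSUMPTION: the services are procrun-based, so their JVM options live in the
# REG_MULTI_SZ value "Options" under the Procrun 2.0 registry key.
$Flag     = '-Dlog4j.formatMsgNoLookups=true'   # text from step 3
$Services = 'EIPManager', 'DSSManager'          # service names from the steps
$Roots    = @(
    'HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0',  # 32-bit wrapper
    'HKLM:\SOFTWARE\Apache Software Foundation\Procrun 2.0'               # 64-bit wrapper
)

function Test-Log4jFlag {
    param([Parameter(Mandatory)][string]$ServiceName)

    $keyFound = $false
    $options  = @()
    foreach ($root in $Roots) {
        $key = Join-Path $root "$ServiceName\Parameters\Java"
        if (Test-Path -LiteralPath $key) {
            $keyFound = $true
            $prop = Get-ItemProperty -LiteralPath $key -Name Options -ErrorAction SilentlyContinue
            if ($prop) { $options = @($prop.Options) }
            break
        }
    }

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    # Case-sensitive exact match on the line as the procedure says to type it.
    $hit = @($options | Where-Object { "$_".Trim() -ceq $Flag })

    [pscustomobject]@{
        Service  = $ServiceName
        Status   = if ($svc) { $svc.Status } else { 'NotInstalled' }
        KeyFound = $keyFound
        FlagSet  = $hit.Count -gt 0
    }
}

$Services | ForEach-Object { Test-Log4jFlag -ServiceName $_ } | Format-Table -AutoSize
```

`KeyFound = False` means the assumed registry location does not apply on that host, so confirm the setting in the Java tab of the manager instead. The flag only takes effect after the service restart in step 5.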

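The additional items that must be remediated for DLP for this vulnerability are shown in red below:

For the full content and file downloads, log in to the Forcepoint Customer Hub.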

Manual Mitigation Steps for the DLP Management server

Important: For the DLP Management server to be fully mitigated, customers must also run the manual procedure provided for the FSM component in "CVE-2021-44228 Java log4j vulnerability mitigation with Forcepoint Security Manager". The procedure involves adding an identical line as described below to the Java Options tab of "EIP Infra\tomcat\bin\EIPManagerw.exe" and restarting the Websense TRITON Unified Security Center service.

Manual Mitigation for the Data Security Manager service:

  1. Launch %DSS_HOME%tomcat\bin\DSSManagerw.exe
  2. Select the Java tab.
  3. In the Java Options tab, append the following text in a new line:
    • -Dlog4j.formatMsgNoLookups=true
  4. Click OK.
  5. Open Services (run command: services.msc).
  6. Restart the Websense Data Security Manager service.

Manual Mitigation for the Data Security Batch Server service:

  1. Launch %DSS_HOME%Data-Batch-Server\service-config\DSSBatchServerw.exe
  2. Select the Java tab.
  3. In the Java Options tab, append the following text in a new line:
    • -Dlog4j.formatMsgNoLookups=true
  4. Click OK.
  5. Open Services (run command: services.msc).
  6. Restart the Websense Data Batch Server service.

Manual Mitigation for the Data Security Message Broker service:

  1. Launch %DSS_HOME%MessageBroker\service-config\DSSMessageBrokerw.exe
  2. Select the Java tab.
  3. In the Java Options tab, append the following text in a new line:
    • -Dlog4j.formatMsgNoLookups=true
  4. Click OK.
  5. Open Services (run command: services.msc).
  6. Restart the Websense Data Security Message Broker service.

Manual Mitigation for the DLP Endpoint Server Connector service:

  1. Access the %DSS_HOME%EPS_CAMEL\service-config folder.
  2. Back up the log4j2.xml file.
  3. Download the log4j2.xml file attached to this article.
  4. Overwrite the log4j2.xml file with the downloaded log4j2.xml file.
  5. Open Services (run command: services.msc).
  6. Restart the Websense DLP Endpoint Server Connector service.

Manual Mitigation Steps for DLP Supplementary Servers

  1. Access the %DSS_HOME%EPS_CAMEL\service-config folder.
  2. Back up the log4j2.xml file.
  3. Download the log4j2.xml attached to this article.
  4. Overwrite the log4j2.xml file with the downloaded log4j2.xml file.
  5. Open Services (run command: services.msc).
  6. Restart the Websense DLP Endpoint Server Connector service.