IMPORTANT: McAfee Enterprise has published SB10377 - REGISTERED - Security Bulletin - McAfee Enterprise products' status for "Log4Shell" (CVE-2021-44228). It’s recommended that customers upgrade vulnerable systems to Apache Log4j 2.15.0. For third-party applications, contact the applications vendors on steps to do so. Attackers can leverage log messages or log message parameters to perform remote code execution on LDAP servers and other JNDI-related endpoints. This vulnerability is considered critical, with a CVSS(3.0) score of 10.0. McAfee Enterprise is aware of CVE-2021-44228, commonly referred to as Log4Shell, recently released by Apache. Updated IOC detections observed for in-the-wild payloads. Updated with a rule set for McAfee Web Gateway (MWG) and UCE.Īdded AC3 blog posting detailing Expert Rule/ExtraDAT coverage. Updated the "Tuning the Expert Rule for your Environment" section.Īdded an updated ExtraDAT for use with the Expert Rule solution containing improved cleaning drivers. Updated Extra.DAT file with a file that contains a 90-day expiration.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |