So how exactly is Log4j supposed to be patched/mitigated on Windows?

• local-log4j-vuln-scanner

  10 383 1.8 Go

  Simple local scanner for vulnerable log4j instances

We are downloaded the windows binary from here https://github.com/hillu/local-log4j-vuln-scanner and I wrote a powershell script that scans all local mapped drives for jar and war files and logs what it scans and any vulnerable findings. Found an old software package in use in our environment running log4j too

• CVE-2021-44228-Scanner

  17 854 0.0 Java

  Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• log4jscanwin

  4 154 1.3 C

  Log4j Vulnerability Scanner for Windows

  

This just came out - haven’t tested it yet though - https://github.com/Qualys/log4jscanwin

• PatchAgainstLog4Shell

  2 7 0.0 PowerShell

  This is for patching against Log4Shell in Windows via Powershell

I published a Powershell script to make finding and patching against Log4Shell easier on Windows systems. I hope it can help you, OP. Patch Against Log4Shell

• nse-log4shell

  4 349 0.0 Lua

  Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)

  

log4shell or LogJam vulnerabilities (CVE-2021-44228) https://github.com/Diverto/nse-log4shell

• incidentresponse

  6 24 0.0 PowerShell

Use https://github.com/sp4ir/incidentresponse/blob/main/Get-Log4shellVuln.ps1 to find any jars with the JNDI look up.

Suggest a related project