How best to use PDQ Inventory/Deploy to mitigate the log4net.dll vulnerability.
I could use some help using inventory to create a collection/collections to locate all the log4net.dll files less than 2.0.12. They seem to be found in multiple locations within program files in Windows. It appears you must find the specific version and use a binary to update each specific version. Any suggestions on how to use Inventory and then Deploy to resolve this security vulnerability? I am surprised PDQ has not done a blog or video on this yet. I keep looking and at this point just need to get this resolved.
Comments
This pattern in a Files & Directories scanner should find all instances of that file in the Program Files folders:
For the collection(s), you should be able to use the File Version property. I don't have log4net.dll on my system, so I can't verify this.
To update it, I would recommend updating the apps that use it. Changing libraries directly can cause instability in applications.
Thanks. You actually ran that collection and came up with nothing? Actually had run that same scenario and I am finding up to 38 of these log4net.dll files per computer on various applications per computer. Just surprised that more people are not facing this problem as well. Thanks for the tip about updating apps; however, already running PDQ to update and still have the number of computers this these files growing.
Would you be willing to share the name of a few of those applications?
If you try to update the DLL yourself, a big thing to watch out for is that there are 8 different editions.
The "File description" and "Product version" fields specify which edition it is, at least for the files I downloaded from Nuget. However, I wouldn't be surprised if some apps compiled their own version and didn't set these fields.
If the latest version of an application still includes an old version of log4net, I recommend reaching out to the vendor of that application.