How best to use PDQ Inventory/Deploy to mitigate the log4net.dll vulnerability. 

Comments


  • Colby Bouma

    This pattern in a Files & Directories scanner should find all instances of that file in the Program Files folders:

    %SystemDrive%\Program Files*\**\log4net.dll

    For the collection(s), you should be able to use the File Version property. I don't have log4net.dll on my system, so I can't verify this.

    To update it, I would recommend updating the apps that use it. Changing libraries directly can cause instability in applications.

  • Lori Collins

    Thanks. You actually ran that collection and came up with nothing? Actually had run that same scenario and I am finding up to 38 of these log4net.dll files per computer on various applications per computer. Just surprised that more people are not facing this problem as well. Thanks for the tip about updating apps; however, already running PDQ to update and still have the number of computers with these files growing.

  • Colby Bouma

    Would you be willing to share the name of a few of those applications?

    If you try to update the DLL yourself, a big thing to watch out for is that there are 8 different editions.

    The "File description" and "Product version" fields specify which edition it is, at least for the files I downloaded from NuGet. However, I wouldn't be surprised if some apps compiled their own version and didn't set these fields.

    If the latest version of an application still includes an old version of log4net, I recommend reaching out to the vendor of that application.

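The scan pattern and the version fields discussed in the thread can be checked on a single machine before building the PDQ scanner and collections. The following is an added example, not part of the original thread or of PDQ's tooling; the function name `Get-Log4NetInventory` is hypothetical, the "Application" column is a guess based on the first folder below Program Files, and `Get-FileHash` assumes PowerShell 4 or later.

```powershell
# Added example: inventory every log4net.dll under the Program Files folders,
# mirroring the scanner pattern %SystemDrive%\Program Files*\**\log4net.dll
function Get-Log4NetInventory {
    [CmdletBinding()]
    param(
        # Default roots: "Program Files" and "Program Files (x86)" on the system drive.
        [string[]]$Root = (Get-ChildItem -Path "$env:SystemDrive\" -Directory `
            -Filter 'Program Files*' -ErrorAction SilentlyContinue).FullName
    )
    foreach ($r in $Root) {
        Get-ChildItem -LiteralPath $r -Filter 'log4net.dll' -File -Recurse -Force `
            -ErrorAction SilentlyContinue | ForEach-Object {
            $vi = $_.VersionInfo
            [pscustomobject]@{
                # First folder below the root: a guess at the owning application.
                Application     = $_.FullName.Substring($r.Length).TrimStart('\').Split('\')[0]
                FileVersion     = $vi.FileVersion
                ProductVersion  = $vi.ProductVersion
                FileDescription = $vi.FileDescription
                # Blank fields suggest a vendor-compiled build that did not set them.
                MetadataMissing = [string]::IsNullOrWhiteSpace($vi.FileVersion) -or
                                  [string]::IsNullOrWhiteSpace($vi.FileDescription)
                # The hash lets identical builds be matched even when metadata is blank.
                SHA256          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                    -ErrorAction SilentlyContinue).Hash
                Path            = $_.FullName
            }
        }
    }
}

$inventory = @(Get-Log4NetInventory)

# Per-file detail: which application ships which version and edition.
$inventory | Sort-Object Application, FileVersion |
    Format-Table -AutoSize Application, FileVersion, ProductVersion, FileDescription, MetadataMissing

# Summary: how many copies of each version/edition exist on this machine.
$inventory | Group-Object FileVersion, FileDescription |
    Sort-Object Count -Descending | Select-Object Count, Name
```

Files flagged `MetadataMissing` will not match a collection filter on File Version, so they need to be tracked by path or hash instead.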
