Dec 17, 20216.6.121

New

  • The Windows authenticated check is now supported to detect Log4j in your environment. This check uses the Windows File System Search to allow scan engines to search all local file systems for specific files on Windows assets. For more information, see Scan for Log4j in the InsightVM documentation.
  • Disable remote checks. If your scans have generated nMap errors because of unauthenticated checks, you can now disable remote checks.

Improved

  • You can now leverage remote checks with a public endpoint.

    Risk: Remote checks with a public endpoint

    Using a public endpoint to scan for Log4Shell carries risk in payload and callback.

    Our suggestion to reduce the risk is to actively monitor for anomalous connections and leverage encrypted protocols where possible (LDAPS, HTTPS, etc). While this specific scan case does introduce some level of additional risk, the pervasive and wide spread exploit activity and interest related to current Log4j situation library warrant evaluating acceptable activities towards mitigation.