Is my Dynamics GP affected by the Log4j-Log4Shell vulnerability?

A recent security vulnerability (aka Zero-Day exploit) was reported by a company named Cyber Kendra that affects the Apache eco-system and its underlying Java component used for data logging.

Apache Log4j Vulnerability

Many GP customers & clients started to worry about the vulnerability and if there GP environment could be prone to an attack from hackers due to that zero-day security flaw. The short answer is: No, it shouldn’t. To my knowledge none of the components used to setup GP, and in particular the Web Components, makes use of Java libraries or any Apache components.

That being said, I’ve yet to see an official statement from Microsoft that confirms this, but as a former coder/programmer, I’m fairly confident that there isn’t any risks associated with that threat for GP’s eco-system, as Microsoft uses the IIS and ASP .NET platform for that purpose. None of that requires Java or Apache components to be installed.

If you’re interested in more technical details, there are plenty of web sites out there that talk about the recent discovery, but this one seems pretty well done and explains with a graphic how an attack would unfold on your systems (given it’s facing the Wild Wild West open internet)
https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html

Hope that you enjoyed reading this and until next post, wish you a happy life.
@GP_Beat

Update (2021-12-15): Following this community thread that was started on 12/13, Microsoft confirmed that there is nothing from that vulnerability that affects Dynamics GP. https://community.dynamics.com/gp/f/microsoft-dynamics-gp-forum/442010/log4j-vulnerability/1214737

Advertisement

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Website Powered by WordPress.com.

Up ↑

mpolino.com

The personal blog of Mark Polino

Erik Svensen - Blog about Power BI, Power Apps, Power Query

Blog about Power BI, Power Apps, Power Query

Freddys blog

Learn something new... - then Teach someone!

Life Hacks 365

Microsoft Dynamics & Microsoft Office Tips & Tricks

Vicky Rodgers - Microsoft Dynamics 365

Everything Microsoft Dynamics 365 for Customer Engagement

ReadyXRM

Stuff about the Microsoft Power Platform and Dynamics 365

The Dynamics Explorer

Exploring the World of Microsoft Dynamics ERP

Paul S. Randal

My contribution to the never ending Dynamics GP journey

%d bloggers like this: