Datto Releases Tool to Combat Log4j Vulnerability
December 22, 2021

is encouraging all MSPs to download a free script that it has
developed and made available on GitHub for any Remote Monitoring and
Management (RMM) solution. This Endpoint Assessment Tool can
uniquely enumerate potentially vulnerable systems, detect intrusion
attempts, and inoculate Windows systems against Log4j attacks.

On December 10, a serious zero-day vulnerability in the Apache Log4j
logging framework was disclosed. The bug, which allows malicious
actors to exploit vulnerable systems remotely, has been given the
highest severity score, and governments globally have issued alerts.

Within the critical 24 to 48 hour period following the disclosure of
the vulnerability, Datto first declared its products safe for use.
Datto immediately began sharing active threat intelligence with the
MSP community about attacks it observed to help MSPs understand the
Log4j threat and how it was being exploited.

Datto packaged quality contributions from the security community
into an MSP-friendly form and released two different versions of an
Endpoint Assessment Tool to help Datto partners and all MSPs detect
and respond to potential exploitations. The component created for
Datto RMM has been used by almost 50% of all Datto RMM partners,
which represents millions of endpoint scans by MSPs for
vulnerabilities at client sites that are small and medium
businesses.

“The adoption rate of the Datto RMM component tool has been
tremendous, with half our Datto RMM partner base utilizing it to
scan protected endpoints. I’m hearing from partners that they
finally feel empowered to respond to this emerging threat with this
tool,” said Ryan Weeks, Chief Information Security Officer at Datto.
“From a community defense perspective, we want to make effective
response tools broadly available to help every MSP in the channel to
become more secure and to withstand cyber attacks. It is a chief
priority at this time to encourage all MSPs to take advantage of the
tools we’ve made available in Datto RMM and on GitHub to protect
themselves and their clients. RMMs offer a key systems inventory and
response capability that makes it easy to view, manage, and secure
your endpoints during critical events.”

Unlike other scanners, scripts, and tools made in the wake of
Log4Shell, which only scan the system for insecure JAR files,
Datto’s tool goes a step further. It provides the ability to search
the contents of server logs to detect intrusion attempts as well as
inoculate Windows systems against Log4j attacks.

Weeks continued, “During this critical time, I am pleased to see
there has been some great information sharing and that we are really
coming together as a community. However, the Log4j response is going
to require diligence for weeks to come as more vulnerabilities are
released, as nuances in the mitigations are understood, and as
provides the following advice for MSPs:
● Update all Java applications which use Log4j
● Restrict outbound network access from affected hosts so Java
classes cannot be downloaded from remote locations
● Talk to your vendors about their posture with regard to Log4j and
how they are assessing their own vendors (known as fourth-party