Spider 6.4.5-R8 and Software Services Release: Log4j vulnerability report based on jar files, Date: January 10, 2021

jborchers
Moderator Moderator
Moderator
0 0 259

Spider 6.4.5-R8 and Software Service 1.2201.1 are available

Release Date: 2022-01-10

Due to the scope and criticality of the Log4j vulnerability, we have extended a way how Spider can gather and  process log4j-jar files for a new vulnerability report. Therefore we have released new versions of Spider and Software Services. 
All components are available in our Product and License Center.

For further information please see our knowledge base article:
Spider-Knowledge-Base: Log4j vulnerability report: How can Spider gather and report log4j*.jar files? 

Software Service 1.2201.1 - Spider Recognition module

The Spider Recognition module can now process log4j*.jar files so that they are stored as file evidence (file scan) in addition to the .exe files. We decided that only log4j*.jar files will be processed and saved. Other jar files are discarded during import so that the file scan is not unnecessarily enlarged and arithmetic operations are not unnecessarily slowed down. If no jar files are delivered, there will be no changes. No further settings are required in the recognition module.

In addition, we have included a bug fix. With the device detection only via hostname and domain name, the device data records could be duplicated. If other identification fields such as UUID or URN are used, this error did not occur. The bug has been fixed. We kindly ask customers who have observed the problem to contact the support team.

Upgrading to this version does not change the contents of the catalog.
All changes will also be included in the next monthly release for January. 

Software Service 1.2201.1 - Spider Data Collector

The Spider Data Collector contains the connector to the Microsoft Endpoint Configuration Manager (former SCCM). This connector has been expanded with this version.
If it is set in the Configuration Manager that *.jar files should also be collected, log4j*.jar files are exported for Spider. Other jar files are skipped and are not exported. The effects on the generated export files are therefore limited to the additional log4j-jar files. If the Configuration Manager does not collect any jar files, there is no difference to the previous version.
Customers who do not want to use this functionality or who do not use a Microsoft Endpoint Configuration Manager (SCCM) do not need to import this version of the Spider Data Collector.

Spider 6.4.5-R8 - Log4j vulnerability report

Spider delivers a new vulnerability report "Vulnerability Report for Log4j". The report shows gathered log4j*.jar files on the scanned devices for authorized legal entities. Jar file gathering has to enabled. This is possible with Spider Inventory (former Columbus Inventory) and with Endpoint Manager Configuration Manager (former SCCM). The report is pre-authorized for the role "Asset Manager". Other roles have to be authorized via Spider Admin Tool.

For further information please see our knowledge base article:
Spider-Knowledge-Base: Log4j vulnerability report: How can Spider gather and report log4j*.jar files?

Director Product Management Hamburg, Germany