
Microsoft 365 Defender Bug Creates False Positive Log4j


Microsoft is currently investigating a problem with the detection of attacks via the Log4j vulnerability. As the company has had to admit, the Microsoft 365 Defender scanner has a bug that produces a large number of false-positive alerts.

This is now being reported by Bleeping Computer, among others. Shortly after the Log4j security hole in Java became known, Microsoft promoted Defender as a simple solution that would let companies detect the vulnerability and attacks exploiting Log4j and receive warnings. Now it turns out that the Microsoft Defender Log4j scanner triggers far too many false-positive alerts: Microsoft Defender for Endpoint displays warnings about “sensor tampering”.

Not all systems are affected

As far as is known, the warnings appear mainly on Windows Server 2016 systems and report “possible sensor tampering in memory detected by Microsoft Defender for Endpoint”, attributed to an OpenHandleCollector.exe process.

Although the behavior of this Defender process is classified as malicious, there is nothing to worry about, as these are false positives, said Tomer Teller, PM manager at Microsoft.

Improvement announced

Microsoft is currently investigating this Microsoft 365 Defender problem and is working on a fix that should be available as soon as possible for the affected systems. The security team also worked on the bug over the holidays in order to publish an improvement in a timely manner. “This is part of the work we’ve done to detect Log4j instances on disk. The team is analyzing why it is triggering the warning (which it shouldn’t, of course),” said Teller.

Threat actors use the critical Log4j vulnerability to gain access to systems around the world and then encrypt and steal data. Among other things, hacker groups have already been observed increasingly using the new vulnerability to distribute malicious code such as the notorious Dridex banking Trojan.