Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA12396
RCE vulnerability in Microsoft Developer Tools

Updated: 04/22/2023
Detect date
?
 12/16/2021
Severity
?
 Critical
Description

Remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code.
Exploitation

The following public exploits exists for this vulnerability:

https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

https://github.com/winnpixie/log4noshell

https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

https://github.com/kozmer/log4j-shell-poc

https://github.com/TheArqsz/CVE-2021-44228-PoC

https://github.com/1lann/log4shelldetect

https://github.com/f0ng/log4j2burpscanner

https://github.com/logpresso/CVE-2021-44228-Scanner

https://github.com/vorburger/Log4j_CVE-2021-44228

https://github.com/b-abderrahmane/CVE-2021-44228-playground

https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs

https://github.com/datadavev/test-44228

https://github.com/LemonCraftRu/JndiRemover

https://github.com/darkarnium/Log4j-CVE-Detect

https://github.com/mergebase/log4j-detector

https://github.com/corretto/hotpatch-for-apache-log4j2

https://github.com/alexandre-lavoie/python-log4rce

https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector

https://github.com/dtact/divd-2021-00038–log4j-scanner

https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228

https://github.com/authomize/log4j-log4shell-affected

https://github.com/guardicode/CVE-2021-44228_IoCs

https://github.com/nccgroup/log4j-jndi-be-gone

https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch

https://github.com/tasooshi/horrors-log4shell

https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab

https://github.com/OlafHaalstra/log4jcheck

https://github.com/psychose-club/Saturn

https://github.com/Panyaprach/Proof-CVE-2021-44228

https://github.com/palominoinc/cve-2021-44228-log4j-mitigation

https://github.com/cyberxml/log4j-poc

https://github.com/Diverto/nse-log4shell

https://github.com/maxant/log4j2-CVE-2021-44228

https://github.com/atnetws/fail2ban-log4j

https://github.com/fireeye/CVE-2021-44228

https://github.com/fullhunt/log4j-scan

https://github.com/rubo77/log4j_checker_beta

https://github.com/thecyberneh/Log4j-RCE-Exploiter

https://github.com/sourcegraph/log4j-cve-code-search-resources

https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228–CVE-2021-45046–CVE-2021-45105–CVE-2021-44832

https://github.com/helsecert/CVE-2021-44228

https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation

https://github.com/0xDexter0us/Log4J-Scanner

https://github.com/LutziGoz/Log4J_Exploitation-Vulnerabiliy__CVE-2021-44228

https://github.com/0xsyr0/Log4Shell

https://github.com/manuel-alvarez-alvarez/log4j-cve-2021-44228

https://github.com/Koupah/MC-Log4j-Patcher

https://github.com/kossatzd/log4j-CVE-2021-44228-test

https://github.com/tobiasoed/log4j-CVE-2021-44228

https://github.com/hackinghippo/log4shell_ioc_ips

https://github.com/claranet/ansible-role-log4shell

https://github.com/rodfer0x80/log4j2-prosecutor

https://github.com/lfama/log4j_checker

https://github.com/giterlizzi/nmap-log4shell

https://github.com/Occamsec/log4j-checker

https://github.com/Contrast-Security-OSS/CVE-2021-44228

https://github.com/back2root/log4shell-rex

https://github.com/alexbakker/log4shell-tools

https://github.com/alpacamybags118/log4j-cve-2021-44228-sample

https://github.com/nu11secur1ty/CVE-2021-44228-VULN-APP

https://github.com/ankur-katiyar/log4j-docker

https://github.com/immunityinc/Log4j-JNDIServer

https://github.com/DANSI/PowerShell-Log4J-Scanner

https://github.com/suniastar/scan-log4shell

https://github.com/shivakumarjayaraman/log4jvulnerability-CVE-2021-44228

https://github.com/j3kz/CVE-2021-44228-PoC

https://github.com/Apipia/log4j-pcap-activity

https://github.com/axelcurmi/log4shell-docker-lab

https://github.com/otaviokr/log4j-2021-vulnerability-study

https://github.com/kkyehit/log4j_CVE-2021-44228

https://github.com/trickyearlobe/inspec-log4j

https://github.com/TheInterception/Log4J-Simulation-Tool

https://github.com/KeysAU/Get-log4j-Windows-local

https://github.com/mschmnet/Log4Shell-demo

https://github.com/Rk-000/Log4j_scan_Advance

https://github.com/puzzlepeaches/Log4jCenter

https://github.com/Labout/log4shell-rmi-poc

https://github.com/djungeldan/Log4Me

https://github.com/ArkAngeL43/f-for-java

https://github.com/spasam/log4j2-exploit

https://github.com/bumheehan/cve-2021-44228-log4j-test

https://github.com/JagarYousef/log4j-dork-scanner

https://github.com/dmitsuo/log4shell-war-fixer

https://github.com/Y0-kan/Log4jShell-Scan

https://github.com/julian911015/Log4j-Scanner-Exploit

https://github.com/intel-xeon/CVE-2021-44228—detection-with-PowerShell

https://github.com/chandru-gunasekaran/log4j-fix-CVE-2021-44228

https://github.com/erickrr-bd/TekiumLog4jApp

https://github.com/snapattack/damn-vulnerable-log4j-app

https://github.com/sassoftware/loguccino

https://github.com/xx-zhang/apache-log4j2-CVE-2021-44228

https://github.com/r00thunter/Log4Shell-Scanner

https://github.com/mn-io/log4j-spring-vuln-poc

https://github.com/rejupillai/log4j2-hack-springboot

https://github.com/lucab85/log4j-cve-2021-44228

https://github.com/BabooPan/Log4Shell-CVE-2021-44228-Demo

https://github.com/ossie-git/log4shell_sentinel

https://github.com/r00thunter/Log4Shell

https://github.com/asyzdykov/cve-2021-44228-fix-jars

https://github.com/NatteeSetobol/Log4JPOC

https://github.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell

https://github.com/0xInfection/LogMePwn

https://github.com/fox-it/log4j-finder

https://github.com/34zY/JNDI-Exploit-1.2-log4shell

https://github.com/wortell/log4j

https://github.com/BinaryDefense/log4j-honeypot-flask

https://github.com/MalwareTech/Log4jTools

https://github.com/guerzon/log4shellpoc

https://github.com/xsultan/log4jshield

https://github.com/HynekPetrak/log4shell-finder

https://github.com/CERTCC/CVE-2021-44228_scanner

https://github.com/dbzoo/log4j_scanner

https://github.com/JustinDPerkins/C1-WS-LOG4SHELL

https://github.com/bhprin/log4j-vul

https://github.com/anuvindhs/how-to-check-patch-secure-log4j-CVE-2021-44228

https://github.com/KeysAU/Get-log4j-Windows.ps1

https://github.com/gitlab-de/log4j-resources

https://github.com/redhuntlabs/Log4JHunt

https://github.com/mss/log4shell-hotfix-side-effect

https://github.com/111coding/log4j_temp_CVE-2021-44228

https://github.com/MeterianHQ/log4j-vuln-coverage-check

https://github.com/mitiga/log4shell-cloud-scanner

https://github.com/isuruwa/Log4j

https://github.com/honeynet/log4shell-data

https://github.com/inettgmbh/checkmk-log4j-scanner

https://github.com/MkTech-0-8YT3/CVE-2021-44228

https://github.com/VerveIndustrialProtection/CVE-2021-44228-Log4j

https://github.com/LiveOverflow/log4shell

https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent

https://github.com/michaelsanford/Log4Shell-Honeypot

https://github.com/thomaspatzke/Log4Pot

https://github.com/rv4l3r3/log4v-vuln-check

https://github.com/dpomnean/log4j_scanner_wrapper

https://github.com/roxas-tan/CVE-2021-44228

https://github.com/shamo0/CVE-2021-44228

https://github.com/snow0715/log4j-Scan-Burpsuite

https://github.com/Joefreedy/Log4j-Windows-Scanner

https://github.com/Nanitor/log4fix

https://github.com/Gyrfalc0n/scanlist-log4j

https://github.com/korteke/log4shell-demo

https://github.com/recanavar/vuln_spring_log4j2

https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime

https://github.com/andalik/log4j-filescan

https://github.com/lonecloud/CVE-2021-44228-Apache-Log4j

https://github.com/gyaansastra/CVE-2021-44228

https://github.com/axisops/CVE-2021-44228

https://github.com/kal1gh0st/MyLog4Shell

https://github.com/hozyx/log4shell

https://github.com/Vulnmachines/log4j-cve-2021-44228

https://github.com/kannthu/CVE-2021-44228-Apache-Log4j-Rce

https://github.com/Kr0ff/CVE-2021-44228

https://github.com/suuhm/log4shell4shell

https://github.com/AnYi-Sec/Log4j-CVE-2021-44228-EXP

https://github.com/wajda/log4shell-test-exploit

https://github.com/obscuritylabs/log4shell-poc-lab

https://github.com/Fazmin/vCenter-Server-Workaround-Script-CVE-2021-44228

https://github.com/BJLIYANLIANG/log4j-scanner

https://github.com/0x3SC4L4T3/Apache-Log4j-POC

https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

https://github.com/lucab85/ansible-role-log4shell

https://github.com/grimch/log4j-CVE-2021-44228-workaround

https://github.com/cybersecurityworks553/log4j-shell-csw

https://github.com/Toolsec/log4j-scan

https://github.com/puzzlepeaches/Log4jUnifi

https://github.com/many-fac3d-g0d/apache-tomcat-log4j

https://github.com/marcourbano/CVE-2021-44228

https://github.com/bsigouin/log4shell-vulnerable-app

https://github.com/ToxicEnvelope/XSYS-Log4J2Shell-Ex

https://github.com/felipe8398/ModSec-log4j2

https://github.com/ceyhuncamli/Log4j_Attacker_IPList

https://github.com/Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE

https://github.com/rohankumardubey/CVE-2021-44228_scanner

https://github.com/HelifeWasTaken/log4j

https://github.com/sysadmin0815/Fix-Log4j-PowershellScript

https://github.com/RenYuH/log4j-lookups-vulnerability

https://github.com/scheibling/py-log4shellscanner

https://github.com/GroupePSA/log4shell-honeypot

https://github.com/zaneef/CVE-2021-44228

https://github.com/metodidavidovic/log4j-quick-scan

https://github.com/mazhar-hassan/log4j-vulnerability

https://github.com/cungts/VTI-IOCs-CVE-2021-44228

https://github.com/s-retlaw/l4s_poc

https://github.com/Ravid-CheckMarx/CVE-2021-44228-Apache-Log4j-Rce-main

https://github.com/yesspider-hacker/log4j-payload-generator

https://github.com/LinkMJB/log4shell_scanner

https://github.com/NS-Sp4ce/Vm4J

https://github.com/PoneyClairDeLune/LogJackFix

https://github.com/MarceloLeite2604/log4j-vulnerability

https://github.com/marklindsey11/-CVE-2021-44228_scanner-Applications-that-are-vulnerable-to-the-log4j-CVE-2021-44228-https-nvd.

https://github.com/marklindsey11/gh-repo-clone-marklindsey11–CVE-2021-44228_scanner-Applications-that-are-vulnerable-to-the-log4j-CV

https://github.com/4jfinder/4jfinder.github.io

https://github.com/alexpena5635/CVE-2021-44228_scanner-main-Modified-

https://github.com/kanitan/log4j2-web-vulnerable

https://github.com/mr-r3b00t/CVE-2021-44228

https://github.com/ChandanShastri/Log4j_Vulnerability_Demo

https://github.com/puzzlepeaches/Log4jHorizon

https://github.com/Vulnmachines/log4jshell_CVE-2021-44228

https://github.com/mr-vill4in/log4j-fuzzer

https://github.com/nix-xin/vuln4japi

https://github.com/cryptoforcecommand/log4j-cve-2021-44228

https://github.com/maximofernandezriera/CVE-2021-44228

https://github.com/jxerome/log4shell

https://github.com/solitarysp/Log4j-CVE-2021-44228

https://github.com/atlassion/log4j-exploit-builder

https://github.com/atlassion/RS4LOGJ-CVE-2021-44228

https://github.com/sdogancesur/log4j_github_repository

https://github.com/jrocia/Search-log4Jvuln-AppScanSTD

https://github.com/aajuvonen/log4stdin

https://github.com/arnaudluti/PS-CVE-2021-44228

https://github.com/ColdFusionX/CVE-2021-44228-Log4Shell-POC

https://github.com/robrankin/cve-2021-44228-waf-tests

https://github.com/semelnyk/CVE-2021-44228-ScannersListFromRF

https://github.com/0xalwayslucky/log4j-polkit-poc

https://github.com/y-security/yLog4j

https://github.com/FeryaelJustice/Log4Shell

https://github.com/hotpotcookie/log4shell-white-box

https://github.com/s-retlaw/l4srs

https://github.com/Ananya-0306/Log-4j-scanner

https://github.com/paulvkitor/log4shellwithlog4j2_13_3

https://github.com/MiguelM001/vulescanjndilookup

https://github.com/WatchGuard-Threat-Lab/log4shell-iocs

https://github.com/Aschen/log4j-patched

https://github.com/Nikolas-Charalambidis/cve-2021-44228

https://github.com/Jun-5heng/CVE-2021-44228

https://github.com/honypot/CVE-2021-44228

https://github.com/honypot/CVE-2021-44228-vuln-app

https://github.com/manishkanyal/log4j-scanner

https://github.com/Willian-2-0-0-1/Log4j-Exploit-CVE-2021-44228

https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator

https://github.com/Phineas09/CVE-2021-44228

https://github.com/yuuki1967/CVE-2021-44228-Apache-Log4j-Rce

https://github.com/moshuum/tf-log4j-aws-poc

https://github.com/jaehnri/CVE-2021-44228

https://github.com/ra890927/Log4Shell-CVE-2121-44228-Demo

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products

Team Foundation Server
Azure DevOps
Azure DevOps Server
Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories

CVE-2021-44228
Impacts
?
ACE 
[?]
Related products
 Team Foundation Server
CVE-IDS
?
CVE-2021-442289.3Critical
Microsoft official advisories
 Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up