CVE-Check CVE-2021-44228-log4j is crashing on Windows

Problem

Together with a customer, we figured out a crash of the CVE-2021-44228-log4j Checkmk from the Checkmk Exchange Site: https://exchange.checkmk.com/p/cve-2021-44228-log4j

The problem seems to be the incomplete agent output:

<<<cve_2021_44228_log4j:sep(0):cached(1640096053,86400)>>>
2021-12-21T15:14:13+01:00
SCAN OPTIONS: --all-drives
<<<>>>

Solution

Let's debug this further on the Windows machine:

The Powershell script returns only the incomplete output. That's why we need to execute the log4j2-scan.exe

To solve this, you can use this manual: https://smarttechnicalworld.com/fix-vcruntime140-dll-is-missing-on-windows-10/

Related articles

• Page:
  Required role permissions needed to use the Agent Bakery
• Page:
  Asynchronous execution of Windows plugins
• Page:
  Enabled and disabled section for Windows
• Page:
  Considerations before running the agent as an unprivileged user
• Page:
  Checkmk is not affected by Spring4Shell (CVE-2022-22965)