Remediation for Remote Code Execution Vulnerability (CVE-2021-44228)-Client Side
SAS has issued remediation steps for its products, and specifically for SAS 9.4 TS1M6 & M7, found here:
We found that if SAS clients are installed on the client machines, the log4j-core-2.*.jar files are also present. We found it to be more efficient for the end users to run a search and remove the JndiLookup.class by themselves.
The SAS end users would need to:
- Search for the log4j-core-2.*.jar from their C:\ drive
- Have a zip utility such as WinZip, 7z, or another zip utility
- Only do this for version 2.1 or earlier. Do not select 2.11 or higher.
The following are step-by-step instructions:
- On the client machine, navigate to the C drive and run a search for log4j-core-2.*.jar

Figure 1: Ensure the install location shows SASHome and ver. 2.1 for the Jar file.
- Right click on a Jar file and select ‘Open File Location’

- Find the target Jar file and right click

- Using any zip utility (we have 7z), right click and select Open archive

- Note the path: org/apache/logging/log4j/core/lookup

- Right click on JndiLookup.class and select Delete, then close the archive


- Close the archive and save it in the same location
- Continue with the next Jar file
Note:
In some cases, your access will be too restricted to delete the class and/or save the Jar file after the deletion. If so, follow steps 1 to 4, copy the Jar file to Downloads or some other temp location, and complete steps 5 & 6 there. As an added step, cut and paste the modified file back to the location the original Jar file was copied from.
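
The same search-and-delete procedure as a PowerShell script, added here as an example (it is not SAS-provided code). The parameter names `Root` and `Jar` and the `.bak` backup are assumptions of this example; it does not filter by version, so pass `-Jar` only for the files you selected under the version rule above.

```powershell
# Added example, not SAS-provided. Parameter names and the .bak backup are assumptions.
param(
    [string]$Root = 'C:\',   # folder to search when no -Jar is given (report only)
    [string[]]$Jar           # full paths of the jars you selected; the class is removed from these
)

Add-Type -AssemblyName System.IO.Compression, System.IO.Compression.FileSystem
$entryName = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

function Test-JndiLookup([string]$Path) {
    # True when the jar still contains JndiLookup.class
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try { return [bool]$zip.GetEntry($entryName) } finally { $zip.Dispose() }
}

# Without -Jar: search like step 1 of the article and only report.
$targets = if ($Jar) { $Jar } else {
    Get-ChildItem -Path $Root -Filter 'log4j-core-2.*.jar' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { $_.FullName }
}

foreach ($path in $targets) {
    try {
        $present = Test-JndiLookup $path
        if ($present -and $Jar) {
            # Back up first: the archive is locked while it is open for update.
            Copy-Item -LiteralPath $path -Destination "$path.bak" -Force
            $zip = [System.IO.Compression.ZipFile]::Open($path, 'Update')
            try { $zip.GetEntry($entryName).Delete() } finally { $zip.Dispose() }
            $present = Test-JndiLookup $path   # re-open and confirm the class is gone
        }
        $status = if ($present) { 'JndiLookup.class present' } else { 'JndiLookup.class absent' }
    } catch {
        # Typically access denied (see the Note above) or a jar in use by a running client
        $status = "error: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Jar = $path; Status = $status }
}
```

Run it once without arguments to list every jar and its status, then again with `-Jar` for the selected files. Delete the `.bak` copies once the SAS client is confirmed working, since they still contain the class.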