Virtuwise

VMware Horizon updates for Log4j

Folks who have a VMware Horizon environment should read some recent updates for Log4j and take the necessary steps required to update your systems.

Note that all internal and external Horizon components including Connection Server, Agent, Cloud Connector and UAG must address the Log4j vulnerabilities in an urgent manner. Customers who have deployed Unified Access Gateway (UAG) as part of their Horizon environment should follow the guidance given in UAG knowledge base article 87092, in addition to the Horizon guidance provided in our advisory.

Due to additional disclosures from Apache Software Foundation, releases were last updated on Dec. 16th and workaround scripts were last updated on Dec. 19th. Either can be used to address CVE-2021-44228 and CVE-2021-45046.