...
A zero-day exploit has been found in the “Apache log4j” Java Component. The exploit allows remote code execution. This security issue is logged as “CVE-2021-44228” and “CVE-2021-45046” for version 2.15 of log4j. It has the nickname “Log4Shell”.
The exploit uses the Java Naming and Directory Interface (JNDI).
Is PeopleSync affected?
\uD83C\uDF31 Solution
...
We are aware of log4j being an extension of the DTS component in some versions of Microsoft SQL Server. PeopleSync neither uses nor requires DTS. As far as we can oversee this now, Microsoft is using a version of log4j not affected by this specific vulnerability. It may possibly be vulnerable to CVE-2021-4104 (https://bugzilla.redhat.com/show_bug.cgi?id=2031667). Microsoft Product Support Services will help you to remove or update the component if required.
...