Here is a knowledge base article which describes the MiKTeX log4j status:
Log4j vulnerability CVE-2021-44228