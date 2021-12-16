Many news outlets have recently reported a critical vulnerability affecting Apache Log4j 2. The TTU IT Division recommends that all IT staff evaluate their environment as it relates to this vulnerability and monitor the situation very closely as new developments are announced regularly.

Log4j 2 is an opensource Apache logging framework that developers use to keep a record of activity within an application. It is widely used by enterprise applications and cloud services. Essentially, almost any system or application in which Java is used may include the Log4j 2 library. If you are unsure if systems or applications in your area are impacted, please contact your IT support staff.

It is best practice to update software to vendor recommended versions as these updates often include fixes to security flaws. Vendors of applications that include Log4j 2 will be addressing this vulnerability through an application update. It is very important to apply vendor recommended updates to your applications and operating system in the coming days. Staying current on critical system updates will help protect against this and other cyber threats. Be aware that some updates that address this vulnerability may be in the form of firmware upgrades for devices, e.g. webcams.

We encourage you to be vigilant in practicing cybersecurity and invite you to learn more cybersecurity tips online at http://www.cybersecurity.ttu.edu. For more information or questions, please contact IT Help Central at (806) 742-4357 (HELP) or via email at ithelpcentral@ttu.edu.

Sources: CISA Apache Log4j Vulnerability Information