Security Awareness

Log4Shell Vulnerability Impacts Systems Across the Internet

On December 9, 2021, a vulnerability in the popular Java logging library Log4j, used by developers of web and server applications around the world, was discovered and made public. The zero-day vulnerability allows code to be run remotely by sending a malicious code string, allowing a hacker to take control. Published the next day in the National Vulnerability Database as CVE-2021-44228, it is already being exploited in the wild across Windows, Linux, macOS and devices. Teams across the internet are working to patch enterprise systems and web apps to protect against these critical zero-day exploits. Even games like Minecraft can be impacted, leading Microsoft to post instructions on how players of the Java version can patch their systems. Of course, our Security Team is aware of the issue and is reviewing SMU systems to determine impact.

Leading the response effort for SMU and working with areas across campus on mitigation options, the OIT Security Team is scanning servers in our data center to provide better insight into the extent of the impact. As our on-campus third-party server applications and software vendors release updates for the Log4Shell vulnerability, we deploy them as quickly as possible and will work to reduce the impact during finals. Our cloud-based products will be updated at the vendor’s discretion. Some vendors, such as Appspace and CampusPress, have already reported that their systems are not vulnerable to CVE-2021-44228 (also known as Log4Shell or LogJam). Instructure, the parent company of the Canvas LMS, reports that it has reviewed all instances of Log4j2 in Instructure products and implemented mitigations or upgrades to the services. We expect other vendors to do the same within the next 48 hours.

For more information, please reference the following resources. This is a developing issue and information will continue to change as we learn more.

Published by

Ian Aberle

Ian Aberle is an Adobe Creative Educator and the Senior IT Communications Specialist & Trainer for the Office of Information Technology (OIT). For over 25 years, he has helped the SMU community use technology and implement digital and web media through multiple roles with the Digital Commons, SMU STAR Program, and now OIT. Ian enjoys photography and road trips with his family in his free time.