{"id":21351,"date":"2021-12-22T13:11:32","date_gmt":"2021-12-22T13:11:32","guid":{"rendered":"http:\/\/www.uwb.edu\/?p=21351"},"modified":"2023-10-19T12:30:24","modified_gmt":"2023-10-19T19:30:24","slug":"log4j-security-vulnerability","status":"publish","type":"page","link":"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability","title":{"rendered":"12\/22\/21 &#8211; Log4j Security Vulnerability"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Need to Update Systems Now: Security Vulnerability<\/h2>\n\n\n\n<p>足彩app哪个是正规的 global IT community, including the federal government, is responding to active, widespread exploitation of a critical security vulnerability in consumer and enterprise services, websites, and applications using Apache&#8217;s Log4j software to log security and performance information. This vulnerability can be used to get into systems or servers from any location and without using a password.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What you need to do:<\/h3>\n\n\n\n<p>For these vulnerabilities to be remediated in products and services that use affected versions of Log4j, the maintainers of those products and services must implement security updates as soon as possible. Many common internet systems and software applications use Log4j, and each must be patched separately. <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n\t\n\n\t\n\t\n<p>If you manage updates to an affected system: Several updates have already been released by Apache and the latest version of Log4j should be installed immediately. As of December 18, 2021, systems should be updated to use Log4j version 2.17.0 <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n\t\t\n\t\t\n<p>You may be able to check if an application is vulnerable using <a href=\"http:\/\/gist.github.com\/Neo23x0\/e4c8b03ff8cdf1fa63b7d15db6e3860b\" target=\"_blank\" rel=\"noopener\">proof-of-contact script(s)<\/a><\/p>\n<\/li>\n\n\n\n<li>\n\t\t\n\t\t\n<p>If there is risk of infection\/compromise, please send an email to <a href=\"mailto:security@uw.edu\">security@uw.edu<\/a><\/p>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\n\t\n\t\n<p>If you rely on a vendor or another party to manage updates to your system: Submit a customer support ticket to the organization requesting confirmation of any mitigation and updates to affected products to use the latest version of Log4j.<\/p>\n<\/li>\n\n\n\n<li>\n\t\n\t\n<p>If you\u2019re relying on an appliance with a web-based front end: Check for updates using the device\u2019s administration console immediately. Verify either by checking the product website or contacting your vendor to ensure that they are not vulnerable or have a patch to remediate the issue as soon as possible. <\/p>\n<\/li>\n\n\n\n<li>\n\t\n\t\n<p>As always, as a faculty or staff member of the University of Washington: Make sure your computer is up to date by installing all software updates. UWB IT routinely sends updates to your computer through <a href=\"https:\/\/itconnect.uw.edu\/connect\/uw-networks\/about-husky-onnet\/use-husky-onnet\/\">Husky OnNet.<\/a> Log in today to see if there are any updates waiting.<\/p>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to expect:<\/h3>\n\n\n\n<p>足彩app哪个是正规的 breadth of impact of this vulnerability is not yet fully known; many applications could be impacted and require updates. This should be treated as an ongoing incident that requires vigilance from our technical campus partners. Updates specific to Log4j can be found on the following websites: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Updated security info about Log4j is hosted by UW CISO Office: <a href=\"https:\/\/ciso.uw.edu\/2021\/12\/10\/apache-log4j-patch-now\/\">Apache Log4j: Patch NOW | Office of the CISO (uw.edu)<\/a><\/li>\n\n\n\n<li>Organizations are urged to review and monitor the <a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\">Apache Log4j Security Vulnerabilities webpage<\/a> for updates and mitigation guidance.<\/li>\n\n\n\n<li>In addition to the immediate actions detailed above, review <a href=\"https:\/\/github.com\/cisagov\/log4j-affected-db\" target=\"_blank\" rel=\"noopener\">CISA&#8217;s GitHub repository<\/a> for a list of affected vendor information and apply software updates as soon as they are available. <\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Support<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you have questions, or would like assistance, please contact <a href=\"\/it\/get-help\">UWB IT.<\/a><\/li>\n\n\n\n<li>Join the <a href=\"https:\/\/ciso.uw.edu\/education\/outreach\/infosec-advocates\/\">Community of Practice for Security Advocates<\/a>.<\/li>\n\n\n\n<li>This message along with any updated resources will be available on the <a href=\"\/it\/it-news\">IT News &amp; Updates webpage <\/a><\/li>\n<\/ul>\n\n\n\n<p>Thank you for your help keeping us and the UW secure. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Need to Update Systems Now: Security Vulnerability 足彩app哪个是正规的 global IT community, including the federal government, is responding to active, widespread exploitation of a critical security vulnerability in consumer and enterprise services, websites, and applications using Apache&#8217;s Log4j software to log security and performance information. This vulnerability can be used to get into systems or servers&#8230;<\/p>\n","protected":false},"author":6,"featured_media":0,"parent":1411,"menu_order":7,"comment_status":"open","ping_status":"open","template":"","meta":{"_acf_changed":false,"_is_archived":false,"_archived_contact_email":"","footnotes":""},"class_list":["post-21351","page","type-page","status-publish","hentry"],"acf":{"related_links":{"toggle_visibility":false,"link_1":"","link_2":"","link_3":"","link_4":"","link_5":""},"highlight_box":{"toggle_visibility":false,"title":"","content":"","button":"","button_style":"angled-purple-button","button_screen_reader_text":""},"contact_type_1":{"toggle_visibility":true,"contact_title":"Information Technology","email":"uwbit@uw.edu","phone":"425.352.3456","box":"Box 358540","address_line_1":"18115 Campus Way NE","address_line_2":"Bothell, WA 98011-8246","location":""},"contact_type_2":{"toggle_visibility":false,"contact_title":"","email":"","phone":"","box":"","address_line_1":"","address_line_2":"","location":""},"social_media":{"toggle_visibility":false,"facebook_url":"","instagram_url":"","linkedin_url":"","twitter_url":"","youtube_url":""},"blog_archive_sidebar_visibility":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>12\/22\/21 - Log4j Security Vulnerability - Information Technology<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"12\/22\/21 - Log4j Security Vulnerability - Information Technology\" \/>\n<meta property=\"og:description\" content=\"Need to Update Systems Now: Security Vulnerability 足彩app哪个是正规的 global IT community, including the federal government, is responding to active, widespread exploitation of a critical security vulnerability in consumer and enterprise services, websites, and applications using Apache&#8217;s Log4j software to log security and performance information. This vulnerability can be used to get into systems or servers...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability\" \/>\n<meta property=\"og:site_name\" content=\"Information Technology\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-19T19:30:24+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability\",\"url\":\"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability\",\"name\":\"12\/22\/21 - Log4j Security Vulnerability - Information Technology\",\"isPartOf\":{\"@id\":\"\/#website\"},\"datePublished\":\"2021-12-22T13:11:32+00:00\",\"dateModified\":\"2023-10-19T19:30:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.uwb.edu\/it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IT News and Updates\",\"item\":\"https:\/\/www.uwb.edu\/it\/it-news\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"12\/22\/21 &#8211; Log4j Security Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"\/#website\",\"url\":\"\/\",\"name\":\"Information Technology\",\"description\":\"Just another UW Bothell site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"12\/22\/21 - Log4j Security Vulnerability - Information Technology","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability","og_locale":"en_US","og_type":"article","og_title":"12\/22\/21 - Log4j Security Vulnerability - Information Technology","og_description":"Need to Update Systems Now: Security Vulnerability 足彩app哪个是正规的 global IT community, including the federal government, is responding to active, widespread exploitation of a critical security vulnerability in consumer and enterprise services, websites, and applications using Apache&#8217;s Log4j software to log security and performance information. This vulnerability can be used to get into systems or servers...","og_url":"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability","og_site_name":"Information Technology","article_modified_time":"2023-10-19T19:30:24+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability","url":"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability","name":"12\/22\/21 - Log4j Security Vulnerability - Information Technology","isPartOf":{"@id":"\/#website"},"datePublished":"2021-12-22T13:11:32+00:00","dateModified":"2023-10-19T19:30:24+00:00","breadcrumb":{"@id":"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.uwb.edu\/it\/it-news\/log4j-security-vulnerability#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.uwb.edu\/it\/"},{"@type":"ListItem","position":2,"name":"IT News and Updates","item":"https:\/\/www.uwb.edu\/it\/it-news"},{"@type":"ListItem","position":3,"name":"12\/22\/21 &#8211; Log4j Security Vulnerability"}]},{"@type":"WebSite","@id":"\/#website","url":"\/","name":"Information Technology","description":"Just another UW Bothell site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/pages\/21351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/comments?post=21351"}],"version-history":[{"count":2,"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/pages\/21351\/revisions"}],"predecessor-version":[{"id":24249,"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/pages\/21351\/revisions\/24249"}],"up":[{"embeddable":true,"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/pages\/1411"}],"wp:attachment":[{"href":"https:\/\/www.uwb.edu\/it\/wp-json\/wp\/v2\/media?parent=21351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}