UW Office of Cybersecurity

Action Needed: Log4J Vulnerability

An important message from the UW–Madison Office of Cybersecurity to Primary Tech Partners, Tech Partners, Information Technology Collaborative Coordination Committee (ITCCC), Information Technology Committee (ITC), UW–Madison Information Security Team (MIST) and DoIT staff.

Please be aware that the current cybersecurity vulnerability in Log4J and sometimes called “Log4Shell” continues to be actively targeted by attackers. The UW–Madison Cybersecurity Operations Center has confirmed numerous attempts on the campus network. In order to secure your systems, you need to act now.

Action needed

Please review this list of software and other IT product information (source URL: GIST.GitHub.com) compiled by an independent security researcher collecting vendor resources for Log4J. The vendor information may also include patching instructions. Review the list to see if your software is affected, and if so, apply the patch or take other mitigation measures. Please also share this information with your teams and others who may have a need to take action.

Additional resources

If you have any questions regarding this information and what action you need to take, please contact cybersecurity@cio.wisc.edu.

Please reference the DoIT KnowledgeBase for the latest updates.

—Jeffrey Savoy, chief information security officer