(posted Dec 15, 2021)
A critical vulnerability has been discovered in a common software component known as Log4j that is used within a number of server applications on Linux, Windows, and MacOS. The exploit can be conducted remotely and with very low expertise, making this vulnerability very concerning. This necessitates the attention of the UTSC community, as it not only an issue for system administrators but also for those who manage relationships with software vendors for external/cloud services. IITS staff have been working diligently through the past week to assess the risks to our campus and have taken proactive steps to detect, isolate and patch where we can. However, there are many systems outside of our control. U of T's Chief Information Security Officer has exerted emergency response authority and will block systems exhibiting signs of compromise without exception. These systems must then be triaged, wiped and rebuilt.
IITS staff are continually updating and patching IITS-managed devices, such as office computers, as needed - no user actions is required.
We need your assistance with the following:
Information and Instructional Technology Services