Log4j Zero-day Vulnerability and the U-M Response

In early December 2021, the world was faced with yet another massive zero-day vulnerability, when news broke that a flaw in Log4j was being exploited to perform remote code execution and gain unauthorized access to servers. This vulnerability was quickly exploited to do everything from cryptocurrency mining to ransomware installation.

Log4j is a piece of open-source software used by numerous vendors and millions of devices. From cloud services like Amazon Web Services and Apple iCloud, to popular video games like Minecraft, Log4j can be found in a wide range of software, software development tools, and security tools. The scale of the vulnerability was staggering, and the director of the U.S. Cybersecurity & Infrastructure Security Agency described it as the most serious vulnerability she’s seen in her decades-long career.

ITS, and the entire IT community at U-M, responded quickly. A cross-ITS team was immediately spun up to address the Log4j zero-day vulnerability. This well-coordinated effort included daily Zoom meetings to review Log4j vulnerability scan results. These results were translated into lists of vulnerable systems, which were then provided to system owners across U-M, along with mitigation and patching steps, and instructions on working with vendors and self-managed machines.

Threat actors will make the most of every opportunity to exploit a vulnerability, and we all must remain vigilant and committed to our shared responsibility to protect U-M’s digital assets. Thank you to all involved for your hard work and dedication to protecting U-M data and systems!