Miami IT Services Response to the Log4J Software Vulnerability

by Randy Hollowell, IT Services

Many of you may have seen news reports about a major vulnerability in a software component called Log4J. Log4J is built into massive numbers of applications, devices, and IT infrastructure components, and thus it's all over the place both at Miami and through our cloud service providers. The vulnerability itself is very serious - it received the absolute highest rating that our industry can give a vulnerability, and it is being actively exploited.

To combat this vulnerability, IT Services, along with our University technology partners, is in the process of actively patching systems and software. The unfortunate result of this work is that we may need to take systems down to do that with relatively short notice. We'll try to give the campus community as much of a heads-up as we can, and will be working to balance risk vs. things like final grade submissions and other end-of-semester and end-of-calendar-year activities. Wherever we can, we'll try to use non-intrusive measures, but in some cases, we'll have to take things down to patch them.

There may also be cases where our cloud-based vendor partners will be making changes that require their services to be down for a period of time. Where we have advanced notice, we will attempt to communicate those as well.

We're also using our existing network defenses to filter out as much of the probing and attack traffic as we can. Since the attacks are quickly becoming more advanced and increasing in volume, catching all of them - or even most of them - will become increasingly difficult. Thus the rapid patching wherever and whenever we can.

If there is a need for updated communications, we will be posting them here. To view planned IT activities and the current status of major systems and services at any time, please visit our dashboard at