[CITL] Follow up: Notice of 0-day Vulnerability

Dewight F Kramer dewight.kramer at ucr.edu
Thu Dec 16 17:15:36 PST 2021


Hello CITL




This is a follow up to the email sent out Monday. The ITS is responding to a newly revealed severe software vulnerability called Log4J or Log4Shell. This vulnerability affects a broad range of websites, applications, and devices, making it extremely dangerous, and digital systems across the internet are affected. For a detailed breakdown please see:
https://its.ucr.edu/iso-alert/2021/12/16/critical-vulnerability-cve-2021-44228-apache-log4j-library
and you can also see more at:
https://www.mandiant.com/resources/log4shell-recommendations




What is being done at UC Riverside:

We are working to enable some protections centrally, i.e. border firewall rules and services, as we determine the scope and potential impact on systems ITS manages. We are also exploring ways we can identify this vulnerability in other units that do not leverage ITS as a primary service provider for their IT infrastructure.  Some of the core activities we are doing centrally are:




  *   Boundary protections: ITS staff have spent the last week identifying and implementing controls to help mitigate some of the vulnerability, giving people time to identify vulnerable systems and develop a plan to fix them.
  *   Mitigating and Updating: ITS staff are mitigating and updating affected campus systems as quickly as possible and documenting vulnerability status for all central campus IT Infrastructure.
  *   Engaging SaaS and Local Services: ITS Staff are working with our SaaS providers, and even vendors with on-prem tools, about their susceptibility to this vulnerability.
  *   Blocking Systems & Removing Services: To protect campus systems and data, IT staff will be monitoring this situation closely during curtailment, and may take down services or block systems from the campus network when necessary.
  *   Monitoring: ISO will continue to monitor network and system logs closely, especially throughout the holiday curtailment period.




What you can do:

  *   Work with your staff and faculty before leaving campus for winter curtailment, to power down or remove from the network any servers or devices that will not be in use, especially if you are not sure if they are affected.
  *   Inventory your systems and applications and check each one to see if they are vulnerable to Log4j, and document the check.
     *   The Information Security Office will need to give President Drake, and likely UCR Leadership, an update about the campus's efforts to address this issue.  As such, if you could please share with Dewight F Kramer (dewight.kramer at ucr.edu) and Mike Kennedy (michael.kennedy at ucr.edu) efforts done to address the issue.  If there are systems that can't be updated for any reason, please share that too and what mitigations you have in place to protect those systems and the basic data elements those systems have.
        *   These systems unable to update may need a formal exception.  You can start that process at:
     *   In general we recommend that you make sure your internet-connected devices are up to date.
  *   Review our security alert for this vulnerability at https://its.ucr.edu/iso-alert/2021/12/16/critical-vulnerability-cve-2021-44228-apache-log4j-library



If you receive any suspicious email, please follow the ITS knowledge base article to report it without clicking on any links or replying to the sender.  If you suspect a computer in your unit has been compromised, please email infosecoffice at ucr.edu.  KB article: https://ucrsupport.service-now.com/ucr_portal?id=kb_article&sys_id=2af24d121b0b849026bd635bbc4bcba1




Thank you for your attention to this matter.




Dewight Fredrick Kramer
Chief Information Security Officer
Information Technology Solutions
University of California, Riverside
(951) 827-3070 | dewight.kramer at ucr.edu