Many news outlets have recently reported a critical vulnerability affecting Apache Log4j 2. The TTU IT Division recommends that all IT staff evaluate their environment as it relates to this vulnerability and monitor the situation very closely as new developments are announced regularly.
Log4j 2 is an opensource Apache logging framework that developers use to keep a record of activity within an application. It is widely used by enterprise applications and cloud services. Essentially, almost any system or application in which Java is used may include the Log4j 2 library. If you are unsure if systems or applications in your area are impacted, please contact your IT support staff.
It is best practice to update software to vendor recommended versions (subject to the organization's IT best practices and/or policies) as these updates often include fixes to security flaws. Vendors of applications that include Log4j 2 will be addressing this vulnerability through an application update. It is very important to apply vendor recommended updates to your applications and operating system in the coming days. Staying current on critical system updates will help protect against this and other cyber threats. Be aware that some updates that address this vulnerability may be in the form of firmware upgrades for devices, e.g. webcams.