On Thursday, December 9, a vulnerability in specific Log4J libraries was discovered worldwide. Log4j is a library used by many Java applications, including Amazon, Twitter, and Apple iCloud. K-State’s Division of Information Technology (IT) has seen an influx of cyberattacks trying to exploit this vulnerability and has worked continuously since the discovery to configure workarounds, install patches, and take other defensive measures to protect the University.
K-Staters may experience system outages during emergency patching and configuration tasks as IT resolves this problem. In extreme circumstances, where patching or workarounds are unavailable, IT may take systems offline. All efforts will be exhausted before IT makes that decision; additional communication will follow if services are taken down.
IT is aware that this is taking place during a critical week. We ask for your patience and understanding as we respond to a dire situation for the security of our network. If there are any questions, please send them to security@ksu.edu, and we will respond to them as quickly as possible.
It is important to note that the current outage with Kronos WFC is not related to the Log4J vulnerability, and the decision to disable this service was not made by K-State. Kronos, the provider of Kronos WFC, is a victim of ransomware and is working through their process to bring systems back online. Once the vendor releases that information, additional information about this outage will be provided.
IT would like to take a moment and recognize the amount of effort and work that has gone into protecting our network. So many K-Staters worked long hours throughout the weekend and into this week, and we thank each and every one of you.
