Published: Dec. 12, 2021

A critical software vulnerability located in open-source Apache software used to run websites and other web services has exposed millions of applications across the globe to a malicious attack.

The global attack began before full awareness of the vulnerability existed and the necessary software patching was made available and could be performed. As a result, this vulnerability is actively being exploited across platforms all over the world. 

Stay up to date

The Office of Information Technology (OIT), the Office of Information Security and IT practitioners from across the campus have been working together to mitigate the risk of attackers gaining access to our data or planting malware that could compromise the integrity of our systems. 

Accordingly, some services, like MyCUInfo, Buff Portal Advising, eComm, Salesforce, PeopleSoft HR, the Student Information System (SIS), Degree Audit and Transfer Credit (DATC), have been moved behind firewalls. Connecting to these services will temporarily require faculty, students or staff to either be on a campus network or off campus and use the campus virtual private network (VPN). 

The vast majority of campus applications, including Canvas, Office 365, Google and Zoom, will continue to be accessible both on and off campus and without a VPN connection.

When required, using the campus VPN is straightforward. You can download CU Boulder’s Cisco Any Connect VPN and find setup instructions on OIT’s Cisco VPN page

OIT has been tracking the issue and sharing updates in the OIT News section of its website. If you have questions about accessing campus services or about the campus response to this security threat,  email the IT Service Center or call 303-735-4357.