Skip to main content


Repost Message will copy the article into draft mode and enable you to edit/change dates and information.
Do not change the dates of this posting because it will affect the original.

MCC Daily Tribune

Log4j Vulnerability

On Friday, December 10, MCC Technology Services became aware of a critical information security vulnerability, "Log4j," that is often bundled in java-based applications. Since that weekend, our team has been working diligently to mitigate the vulnerability when we find it, to apply vendor patches as soon as they are released, and to continue to scan and monitor for signs of Log4j to defend against it. 

Like other colleges' systems across SUNY, MCC systems are vulnerable to attack, therefore we are prepared to shut down services with little to no notice in order to protect them. The reason this vulnerability is such a high risk is because it can be used to completely take over the system it resides on, known as Remote Code Execution (RCE), and because Log4j is used in so many components in IT environments, including ours. 

We appreciate your patience and understanding if we have to bring a system down to apply patches once they become available. We are working with the SUNY ITEC CIO to implement a comprehensive solution for Banner over the coming days. We will keep you updated as we move through this process to keep our data and systems safe and secure. 

We appreciate your patience and understanding in the event we have to bring a system down to apply patches when they become available.  

Eileen Wirley
Technology Services - AVP Office
12/21/2021