IT system shutdown at AU impacts web access to systems and exams
On Monday, AU shut down web access to a number of its IT systems in response to a serious security threat. The threat is due to a vulnerability in a software component that is found in many of AU’s systems. Exams and non-VPN web access are still affected by the shutdown as of Tuesday 14 December.
In response to a serious security threat, Aarhus University shut down web access to many of its systems, including STADS, Digital Exams, mitstudie and post.au.dk. This was done to prevent cybercriminals from taking advantage of a software vulnerability and hacking the university’s systems.
The shutdown will disrupt exams scheduled for Tuesday 14 December: all written exams are cancelled on this day. Oral exams will proceed as scheduled.
Affected students and lecturers will be directly informed by mail about these cancellations; we also encourage everyone to keep an eye on Brightspace, studerende.au.dk and the local study portals.
Staff who are working on campus or using a remote VPN connection will be minimally affected by the shutdown. AU IT would like to emphasise that no cyberattacks on AU have been detected. The security threat is a vulnerability in Apache Log4j software.
During the shutdown, the IT department will perform a scan of all of AU’s stems to identify the installations affected by this vulnerability. This scan will also include research systems. Once the vulnerability is localised, the relevant system owners will be contacted by AU IT directly.
Unfortunately, it’s not yet possible to say when web access to these systems will be available again. Check serviceinfo.au.dk for regular updates on the situation from AU IT.