How To Protect Your Customers' IT Infrastructures Against Security Vulnerabilities
By Michael Fimin, CEO and co-founder, Netwrix
It hasn't been long since the Heartbleed bug made waves across the Internet and put hundreds of online services and systems at risk of personal data exposure. Now it's a busy season again for solutions providers that focus on security: a new vulnerability, Shellshock, was found running uncontrolled over the Internet, and it soon proved a far more serious threat than Heartbleed.
Shellshock (CVE-2014-6271 and several related issues) was discovered in Bash, the most common command-line shell used in Linux/UNIX systems and Mac OS X, which makes UNIX and Linux servers running a website the primary targets for attacks that exploit the Shellshock vulnerability.
The Shellshock bug allows an attacker to remotely execute commands via the Bash shell without authentication. Initially, the attacker is limited to the privilege level of the user account running the Bash instance. However, this often gives the attacker enough access to elevate privileges, take control of the system and gain access to other resources on your network.
The bug had existed in Bash code for over two decades. The most conservative experts estimate that there were at least a hundred thousand vulnerable servers exposed to the Internet at the time the Shellshock bug was first reported. It's likely that some of those vulnerable servers are contained within your customers' environments.
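A defender's check for the situation described above, as an added example that is not part of the original article: it scans web server access logs for request, referer or user-agent values carrying the start of a Bash function definition, the marker sent in Shellshock requests. The combined log format is an assumption, and the log lines, addresses and paths are constructed.

```python
import re

# Apache/nginx "combined" access-log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Vulnerable Bash parsed an environment value starting with "() {" as a
# function definition. Searched anywhere in the field to stay conservative.
MARKER_RE = re.compile(r'\(\) \{')

# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE = [
    '192.0.2.10 - - [26/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [26/Sep/2014:10:01:05 +0000] "GET /app/status HTTP/1.1" '
    '200 312 "-" "() { :; }; PLACEHOLDER"',
    '203.0.113.44 - - [26/Sep/2014:10:02:11 +0000] "GET /app/test HTTP/1.0" '
    '404 210 "() { :; }; PLACEHOLDER" "curl/7.30.0"',
    'truncated line with () { marker',
]


def scan(lines):
    """Return one finding per client-controlled field that carries the marker."""
    findings = []
    for number, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        match = LOG_RE.match(line)
        if match is None:
            # Malformed or truncated entry: still flag it if the marker is present.
            if MARKER_RE.search(line):
                findings.append({"line": number, "ip": None, "field": "unparsed"})
            continue
        for field in ("request", "referer", "agent"):
            if MARKER_RE.search(match.group(field)):
                findings.append(
                    {"line": number, "ip": match.group("ip"), "field": field}
                )
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit shows that a request carried the marker, not that the server was vulnerable or compromised; whether Bash on the host is patched decides that.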