Companies ‘Patching Like Crazy’ to Stem Shellshock Flaw - The Wall Street Journal

September 25, 2014

Companies ‘Patching Like Crazy’ to Stem Shellshock Flaw - The Wall Street Journal

The Wall Street Journal, By Steven Norton

The Shellshock bug likely poses a more critical threat than Heartbleed did earlier this year, analysts say. As companies scramble to assess their systems’ vulnerability and apply the appropriate patches, it may also be a time for CIOs to take stock of their security posture and prepare their systems for the next inevitable bug.

Also called the “Bash bug”, Shellshock affects a commonly used, decades-old piece of open source command prompt software called Bash. It is widely used on a number of Unix-based and Linux-based computers, as well as Mac OS X, and runs on up to 50% of all Web servers. It also extends to Android devices and some embedded technology that makes up the Internet of Things. From a CIO-perspective, these devices could be more difficult to address.

Companies including Google Inc. and Amazon.com Inc. raced to patch their own systems, the Journal’s Danny Yadron notes, and a slew of security companies published blog posts about how to respond to the vulnerability. The Journal notes that unlike with Heartbleed, which prompted 40% of Americans to change their passwords, there’s not much the everyday consumer can do.

If exploited, the bug could allow an attacker to run any command on a vulnerable machine. A hacker exploiting a vulnerable website, for example, could download and install malware, delete files or obtain administrative access privileges. The bug was discovered by researcher Stephane Chazelas and made public Wednesday.

“This is certainly one of the worst, if not the worst, vulnerabilities that’s been discovered this year,” said Roel Schouwenberg, a security researcher at Kaspersky Lab. “We most definitely haven’t seen the end of all the different implications.” Read more.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Companies ‘Patching Like Crazy’ to Stem Shellshock Flaw - The Wall Street Journal

Companies ‘Patching Like Crazy’ to Stem Shellshock Flaw - The Wall Street Journal

About Kaspersky

Related Articles Press Releases

Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud

Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List

Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report

Kaspersky Lab Appeals U.S. Department of Homeland Security Debarment

Poor Security Practices put Cloud-Driven Business Growth and Cost Savings at Risk

Kaspersky Lab Story of the Year 2017: More Than One Quarter of Ransomware Attacks Target Businesses

Kaspersky Lab Survey: IT Security Experts Uncertain on How to Combat Targeted Attacks

Kaspersky Lab Creates Pop-Up Shop Experience Using New Currency to Showcase the Value of Personal Data

Kaspersky Lab Enters Endpoint Detection and Response Market with New Solution

Kaspersky Lab North America Champions National Cyber Security Awareness Month 2017