If you thought Ebola was deadly to humans wait till you get a load of the latest security issue impacting the world wide web and most everything connected to it including potentially your phone, lights, servers and the list goes on (excluding Windows systems). If Heart Bleed wasn’t bad enough at the start of the year the new Shell Shock bug certainly is. It is what I would term the Mother of All Bugs (MOAB). It impacts almost all Unix, Linux and Mac systems and allows a remote attacker to execute arbitrary code and potentially steal your data, credit cards and other information. So how serious is this? Well the NIST CVE Alert Rating on this is a 10 for severity, and a low for complexity to exploit (read my 7yr old could exploit this bug). So basically the worst possible kind. Oh, but wait, there’s more…
According to this article, there are already worms exploiting this bug. So the impact could be wide spread for the vulnerable systems. I would expect most major vendors to come out with security advisories very promptly for this, after they have assessed their systems. For those of you running VMware, they have posted a blog here, and an advisory here. As things stand if you’re running VMware tools on top of Windows, such as vCenter for example, then you are not vulnerable. Also ESXi is not vulnerable as it uses ash shell via BusyBox instead of Bash. However any virtual appliances may well be vulnerable, including the vCenter Server Appliance. I would recommend keeping and eye on VMware KB 2090740 for the latest updates. For home users, lock up your networks tight and try to prevent anyone getting in the virtual front door, until such time as there are widely available fixes.
This bug highlights the importance of keeping patches up to date and staying across the alerts from the likes of NIST. Be aware of this bug and get patched and protected as soon as you can. Not everyone has a vaccine for this one yet, but hopefully it’s not far away. This bug could cause a lot of change to the way systems are designed, implemented and secured. What’s to say another bug of this nature isn’t just around the corner? Better to be prepared.
This is probably one of the highest impact and most wide spread bugs with the highest severity that I’ve seen in over 20 years in IT (reminds me of the original internet worm). As the Internet of Things (IOT) spreads bugs of a similar nature will have a much wider impact and much more sever consequences. Security of your systems is going to become an ever more serious issue and this is why Micro Segmentation, and using technologies such as VMware NSX and vCloud Networking and Security will become so important. In addition to more intelligent firewalls, such as from Palo Alto Networks. As much as we give Microsoft a hard time over security and patches, neither Heart Bleed and Shell Shock impacted Windows systems.
This post first appeared on the Long White Virtual Clouds blog at longwhiteclouds.com. By Michael Webster +. Copyright © 2012 – 2014 – IT Solutions 2000 Ltd and Michael Webster +. All rights reserved. Not to be reproduced for commercial purposes without written permission.