A brand new vulnerability has been discovered that will have widespread impacts. Trend Micro to help tackle Shellshock vulnerability.  The vulnerability, known as Shellshock (CVE-2014-6271 and CVE-2014-7169), is found in Bash, the dominant shell for Unix and Linux (default), and can also be found in Mac OS X, some Windows server deployments, and even Android. It enables remote code injection of arbitrary commands without authentication, which can then allow malicious code execution that could be used to take over an operating system, access confidential data, or set the stage for future attacks.

NIST rates this a 10 (out of 10) on the severity score, based on the fact that it is widespread and common, easy to execute an attack (low complexity) and requires no authentication when exploiting Bash via CGI scripts.

Unlike the recent Heartbleed vulnerability, this is even more prevalent and easily accessed, making it a much bigger risk to organizations.

Who is affected?

Any organization or user that has bash enabled on a server, desktop, or device is affected by this vulnerability. This includes the over 500 million web servers on the Internet today. As well, end-users’ accessing web sites or services being run on affected servers are vulnerable to their personal and business information falling into the wrong hands.

What can you do?

This is a critical vulnerability and should be addressed and patched as soon as possible. One big challenge is that there will be many patches that will have to be both produced and then distributed (ex: each Linux distro that uses bash will need to deliver a patch), making it very difficult to address quickly. The second is that many devices that could be compromised based on running Linux (ex: routers, medical devices) will not be easily patched.

Trend Micro has two key recommendations for organizations:

  1. Assess your environment and if you have a vulnerable version of bash present, you should patch your system(s) as soon as possible.
  2. Ensure you have an up-to-date IPS in place to protect your vulnerable systems until you have a chance to fully patch. If you do not have an IPS in place, consider leveraging a service-based offering to get up and running quickly.

How is Trend Micro helping?

Trend Micro has multiple ways to immediately help customers with this new vulnerability.

For protecting enterprise servers:

  • Deep Security can virtually patch servers that have this vulnerability, providing protection until patches can be applied via IPS. Existing customers can simply turn on the new rule (DSRU14-028) that is available on the Trend Micro live update servers and
    they will be immediately protected. Trend Micro also offers a free, full-featured trial through Deep Security as a Service that can quickly help to virtually patch vulnerable servers and is live with updated protection today.
  • Deep Security for Web Apps can be used to assess web applications and detect if a server that is running a web application is susceptible to the vulnerability. An update to the service will be available on September 26, 2014 that will enable customers to better
    understand what vulnerable web applications they have and take appropriate action (patch, use IPS to virtually patch).
  • Deep Discovery network monitoring can detect an attack exploiting this vulnerability (using new rule #1618) anywhere on your network – alerting you to a potential system intrusion in real time.

For protecting end users:

  • Interscan Web Security as a Service identifies those sites that Trend Micro has identified as being affected by the Bash vulnerability. This allows you the option to block access to these sites, protecting your users and their information, regardless of
    their device or location. Access a 30-day free trial of InterScan Web Security as a Service at https://forms.trendmicro.com/product_trials/service/index/us/144
  • Trend Micro AntiVirus for Mac free tool checks if the system has the bash vulnerability present, is vulnerable to an attack, and block vulnerable sites that Trend Micro has identified as being affected by the Bash vulnerability.

More information:

SimplySecurity Blog
Security Intelligence Blog
Security Intelligence Blog
Threat Encyclopedia
Trend Web site

Background/credits:

First announced: September 24th by leading vendors like Red Hat, Akamai, and other who found and released the vulnerability details. A Big thanks to Trend Micro for the immediate response with giving insights/information and support!