Just when you thought the worst was over for a year packed with security incidents from POS attacks to the Heartbleed bug, we hear about the Bash bug: a recently discovered security threat that could compromise everything from web servers to connected cameras and IoT devices.
What is the Bash Bug and what devices are affected?
This vulnerability was discovered by Stephane Chazelas and announced in an online security forum. The bug, which has gone unnoticed for over two decades, allows attackers to execute malicious code within a Bash shell (typically the command prompt on PCs, Macs and Linux machines), allowing them to overwrite authentication information and gain access to confidential data by taking control of the operating system. If you thought the Heartbleed bug was bad, this is worse: it has been given a severity rating of 10/10 by the National Vulnerability Database and is predicted to leave a far larger number of endpoints unpatched, because it is not possible to identify every potentially vulnerable device in your organization.
The Bash bug affects Linux and Unix machines as well as hardware running Mac OS X, with the most vulnerable being Apache HTTP Server web servers and scripts executed by DHCP clients. It also affects a number of connected Internet-of-Things devices whose software is built using Bash scripts. This could be anything from your CCTV cameras to an internet-connected light bulb in your home. Given that this bug has been around for a while, there may also be older OS versions on systems and devices that are vulnerable, which may be easily overlooked when applying patches.
What you need to do to protect your endpoints and data
Within a day of the bug being disclosed, attackers are already looking for ways to target your systems: proof-of-concept code that exploits Bash using CGI scripts is already floating around the web.
There are two parts to fixing the problem. First, you need to identify every system within your organization, on and off your network, that is affected by this bug. Given the global reach of companies today, finding these systems takes time, and even then not all systems are identified. Second, you need to remediate by applying a patch to all these systems, and many of them could be running different versions of operating systems. That means you need to apply a different patch for each type of OS. This adds to the complexity of getting all your systems patched in time.
How IBM Endpoint Manager is helping clients to detect and remediate this vulnerability
IBM Endpoint Manager Client supports more than 90 different flavors of operating systems, meaning clients can quickly detect incidents and analyze the content, and more easily identify any systems that are vulnerable.
Our security experts work around the clock to update and release patches from OS vendors that can be applied to all your systems through the single centralized Endpoint Manager console. With our “detection task and analysis” feature you can quickly identify all vulnerable systems that need to be patched. If you’re an existing IBM Endpoint Manager client, you can find instructions here on how to identify affected endpoints in your organization, and see a full list of operating system patches that have been released.
If you currently do not have IBM Endpoint Manager, visit our website and contact an IBM representative today to get our unique Unified Endpoint Management solution, which can find and fix problems across all your devices, from servers to smartphones, on and off the corporate network within minutes. Contact us on Twitter @IBMEndpoint with any questions or concerns.
We’re watching out for you. This email from a current client after receiving instructions from IBM on how to protect against the Bash Bug (within just a few hours of it being detected) sums it up: "This is high-quality, useful information and support. You and the IBM Endpoint Manager (BigFix) team continue to make us look good. Keep it up."