6 Critical Server Vulnerabilities You Must Fix Now

17 April 2015: Since the publication of this article, a new vulnerability affecting all Windows servers and desktop machines has been announced – HTTP.sys Remote Code Execution Vulnerability Affecting Windows Systems – CVE-2015-1635

 

There have been several major server-related exploits and breaches reported in the last 11 months. In case you’re finding it hard to keep up, here’s a recap of our Critical Advisories about the top 6 recently exposed vulnerabilities for Linux and Windows servers.  Each advisory includes a simple summary of the vulnerability and its effects, how to tell if your server is affected, and the necessary fixes issued by the OS vendors.

If you’ve been putting off the necessary patches or fixes for any reason, here are the major vulnerabilities in a convenient timeline.  In most cases, the latest OS update will address most or all of the previous vulnerabilities.

Why should you apply these patches or fixes?

The vulnerability reports and media articles clearly outline the potential damages and liabilities that can occur the longer you ignore the necessary fixes.  The cost of a single cybersecurity breach to a small businesses has been estimated to be as much as $180,000.  If you use your server to provide hosting accounts for customers, the potential liability of having to account to and handle multiple customers is increased.  All this excludes the effect of the damage to your organisation’s reputation,  and the actual resources it might take to mount any data or account restoration campaigns.

In addition, these vulnerabilities have been well-covered by the media to date, meaning that the exposure to many parties with potentially malicious intentions is very high.

The fixes released by OS vendors for these vulnerabilities are well-documented, simple, and relatively easy to apply. There are many step-by-step tutorials on how to do it, and  we have detailed them simply and clearly for you.

Whose responsibility is it to update and patch these servers?

For self-manageable server providers like SimplerCloud, we fully expect our server customers to manage their own servers and address these critical vulnerabilities in a timely manner.  However, we provide assistance at an inexpensive fee for critical vulnerabilities like this.

Time Line and List of Vulnerabilities

This is a chronologically reversed timeline of the reported vulnerabilities and links to their fixes. Every Critical Alert post includes a link showing how to tell if your servers are affected and the official fix instructions from the vendor.

March 3: 2015  – Freak Attack 

Critical Alert: FREAK Attack Vulnerability

January 26, 2015 – Ghost

More about Ghost

Critical Advisory: “GHOST” glibc library vulnerability in most Linux systems

November 11, 2014 – Microsoft Schannel

Microsoft Bulletin: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

Critical Advisory: Microsoft Windows Schannel Vulnerability

October 15, 2014 – Poodle

POODLE: SSLv3 vulnerability (CVE-2014-3566)

POODLE – An SSL 3.0 Vulnerability (CVE-2014-3566)

September 24, 2014 – Bashbug / Shellshock

Critical Advisory: “Bash Bug”/ “Shellshock” Vulnerability in most Linux systems

April 1, 2014 Heartbleed

More about Heartbleed

Security Advisory: Heartbleed (Openssl 1.0.1)

I’m finding it difficult to follow the patching instructions.

The patches are quite easy to apply and most developers should be able to do them on their own.  For SimplerCloud customers, we provide the following patching services for a nominal fee.

All Prices are in USD

Vulnerability 4-Fix – LINUX : Bash Bug/Shellshock; GHOST glibc; FREAK attack – $25

– All Linux fixes detailed above, except for Poodle

Vulnerability 2-Fix – WINDOWS: Schannel; Freak Attack (Win) $45

– All Windows-related fixes detailed above, except for Poodle

Vulnerability Fix – LINUX & WINDOWS: Poodle SSLV3 Vulnerability – $10

– Poodle fix for Linux or Windows servers

To submit, your orders, go to your SimplerCloud customer panel, click on Order > Additional Services, and select the Vulnerability Fix from the menu.

Advertisements