Shellshock and Xen Remediation
Predict 21: The Intelligence Summit Register Today

Shellshock and Xen Remediation

October 2, 2014 • Caroline Flannery

This blog post summarizes our remediation of two high-profile software vulnerabilities.

Shellshock CVE-2014-6271 Remediation

On September 24, 2014, a security vulnerability dubbed Shellshock (CVE-2014-6271) was discovered and disclosed in Bash, a software component broadly distributed with Linux- and Unix-based operating systems. Additional related vulnerabilities in Bash were found and disclosed soon thereafter.

Like most companies around the world, Recorded Future found our Linux-based servers needed immediate patching to remediate the Shellshock vulnerability. This was precautionary, as we assessed that the Recorded Future services supported by these servers were not directly vulnerable as a result of Shellshock. We completed initial remediation on September 25, and continue monitoring for additional vulnerabilities (CVE-2014-6277 for example) and related patches.

Xen CVE-2014-7188 Remediation

On October 1, 2014, a security vulnerability in Xen (CVE-2014-7188) was publicly disclosed. We completed remediation of this Xen security issue prior to public disclosure. We assessed Recorded Future services had not been disrupted through this vulnerability.

We directly informed Recorded Future customers of these actions through security advisories. If you are a Recorded Future customer and have additional questions about our remediation of these vulnerabilities, please contact us through our support center.

New call-to-action

Related Posts

Using Intelligence to Prioritize AWS Guard Duty Alerts

Using Intelligence to Prioritize AWS Guard Duty Alerts

March 10, 2021 • Meghan McGowan

Security operations teams are inundated with alerts and threats making it difficult for them to...

Announcing Security Intelligence for Splunk — For Free

Announcing Security Intelligence for Splunk — For Free

February 23, 2021 • Ellen Wilson

Today, we’re thrilled to announce the launch of a free 30-day trial of our integration for Splunk...

Special Delivery: Recorded Future Hunting Packages

Special Delivery: Recorded Future Hunting Packages

September 25, 2019 • The Recorded Future Team

Quickly detecting and preventing malicious activity is imperative to effectively protecting your...