Magento Critical Service Advisory February 10th, 2015

Magento issues a critical security advisory on February 10th for all versions
Magento issues a critical security advisory on February 10th for all versions

The "Valentine's Day Worm" is here!

The following security update was sent today by eBay regarding all versions of Magento Community and Enterprise editions:

Dear Magento Solution Partner,

We’d like to make you aware of an important new patch that addresses a potential security issue in Magento software. This issue allows an attacker to remotely execute code on Magento software using a specially crafted request. This issue affects all versions of Magento Enterprise Edition and Magento Community Edition.

While we have not received any reports of customers being impacted by this issue, we encourage you to immediately install the patch for your clients as preventative measure.

Recommended actions:

Check for unknown files in the web server document root directory. If you find any, your client may be impacted.
Download the patch (SUPEE-5344) from the Magento Support Portal or thePartner Portal. Different versions of the patch are available for Magento Enterprise Edition 1.11.x through 1.14.1.
If your clients use Magento Community Edition, you can download patches for versions 1.6.x though 1.9.1 from the Magento Community Edition download page.
Implement and test the patch in a development environment first to confirm that it works as expected before deploying it to a client’s production site.
Magento takes security seriously and will continue to actively work to identify and resolve potential issues.

Best,
The Magento Team

Tags: