Magento security patches are small pieces of code that Magento releases whenever it finds a security vulnerability in the system. It is a good idea to install any security patch released by Magento as soon as you learn about it: the longer you delay installation, the longer your store stays vulnerable to security risks. This matters all the more because, once a patch is released, the vulnerability itself comes into the limelight and gets discussed on various blogs and forums, giving ideas to hackers who wouldn’t otherwise have known about it.
About SUPEE-9767
The latest security patch released by Magento is codenamed “SUPEE-9767” and addresses a configuration settings vulnerability with a CVSSv3 severity of 8.8, which is high.
Here’s how Magento describes the vulnerability:
Use of the AllowSymlinks option in configuration settings can enable the upload of an image that contains malicious code. Although this option is disabled by default, an attacker with access to store configuration settings can enable it and remotely execute code.
There have been a few known attacks where attackers gained admin access and enabled the AllowSymlinks option to remotely inject malicious code.
For more details about SUPEE-9767 click here.
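To check whether the option described above has been switched on in a Magento 1 store, the following added example (not code from Magento or from the original post) scans a core_config_data table for scopes where it is enabled. It assumes the setting is stored under the Magento 1 config path dev/template/allow_symlink, uses a constructed in-memory SQLite table in place of the store's MySQL database, and the function names are hypothetical.

```python
import sqlite3

# Assumption: the Magento 1 config path behind the "Allow Symlinks" setting.
SYMLINK_PATH = "dev/template/allow_symlink"


def find_enabled_symlinks(conn):
    """Return sorted (scope, scope_id) pairs where the option is switched on."""
    rows = conn.execute(
        "SELECT scope, scope_id, value FROM core_config_data WHERE path = ?",
        (SYMLINK_PATH,),
    ).fetchall()
    # Yes/no settings are stored as '1'/'0'; a NULL, empty or missing row
    # leaves the option at its default, which is disabled.
    return sorted(
        (scope, scope_id)
        for scope, scope_id, value in rows
        if value is not None and str(value).strip() == "1"
    )


def build_sample_db():
    """Constructed sample rows in an in-memory table shaped like core_config_data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE core_config_data ("
        "config_id INTEGER PRIMARY KEY, scope TEXT, scope_id INTEGER, "
        "path TEXT, value TEXT)"
    )
    conn.executemany(
        "INSERT INTO core_config_data (scope, scope_id, path, value) "
        "VALUES (?, ?, ?, ?)",
        [
            ("default", 0, SYMLINK_PATH, "0"),    # global default: off
            ("websites", 1, SYMLINK_PATH, None),  # override row with no value
            ("stores", 2, SYMLINK_PATH, "1"),     # enabled for one store view
            ("default", 0, "web/secure/use_in_adminhtml", "1"),  # unrelated setting
        ],
    )
    return conn


if __name__ == "__main__":
    for scope, scope_id in find_enabled_symlinks(build_sample_db()):
        print(f"Allow Symlinks is ENABLED at scope={scope} scope_id={scope_id}")
```

On a live store the same SELECT can be run against the MySQL database (adding the table prefix if the installation uses one). Since the option is disabled by default, an enabled row that nobody on the team set is a reason to review admin accounts and recent configuration changes.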
How To Ensure Your Store Security?
Apart from installing all the patches released by Magento as and when you learn about them, you should also get a technical and security audit done for your store to make sure you haven’t missed any security patch in the past.
Magereport.com is a good website to quickly check if your store is lacking any of the security patches.
Once you find out the missing patches from Magereport, you can go ahead and download them and get them installed in your store.
Need Help With Installation?
If all this talk of security patches sounds too confusing or overwhelming, we are here to help! Just order the appropriate security patch installation service from our store and we will take care of the rest!