If you’re on Magento Community, then you will by now have received an email telling you to download and install the security patches released this year.
These security risks are not currently well known, but tech firms will be sending out press releases in the next few days to publicise the risk, which could alert potential hackers to the vulnerability.
While your website won’t go down if you don’t install these patches, it is strongly recommended that you install them, as they will help stop server-based Linux exploits. Magento are urging all users to install the patches as soon as possible to prevent the risk of a breach before the issue becomes better known.
Magento are recommending the following:
Check for unknown files in the web server document root directory. If you find any, you may be impacted.
Download and implement 2 patches from the Magento Community Edition download page.
SUPEE-5344 – Addresses a potential remote code execution exploit (Added Feb 9, 2015)
SUPEE-1533 – Addresses two potential remote code execution exploits (Added Oct 3, 2014)
Note: Different versions of the patch are available for Magento Community Edition 1.4.x through 1.9.x.
Implement and test the patches in a development environment first to confirm that they work as expected before deploying them to your production site.
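One way to carry out the first check above (unknown files in the document root), as an added example rather than Magento's own tooling. It assumes a clean unpack of the same Magento Community Edition release is available to compare against; the function names and the media/var triage rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Magento's tooling. Compares a live document root with a
# clean unpack of the same Magento CE release and lists files found only live.
# Limitation: file names containing newlines are not handled.

# Print every regular file under directory $1, relative to it, sorted.
list_files() {
    ( cd "$1" && find . -type f | LC_ALL=C sort )
}

# unknown_files CLEAN LIVE: print files present in LIVE but absent from CLEAN.
unknown_files() {
    uf_clean=$(mktemp) && uf_live=$(mktemp) || return 1
    list_files "$1" > "$uf_clean"
    list_files "$2" > "$uf_live"
    LC_ALL=C comm -13 "$uf_clean" "$uf_live"
    rm -f "$uf_clean" "$uf_live"
}

# triage: read paths on stdin and label each one. Assumption: media/ and var/
# are the directories Magento 1 writes to at runtime, so non-script files
# there are expected; scripts there and any extra file elsewhere need review.
triage() {
    while IFS= read -r path; do
        case "$path" in
            ./media/*.php|./media/*.phtml) echo "REVIEW   $path" ;;
            ./var/*.php|./var/*.phtml)     echo "REVIEW   $path" ;;
            ./media/*|./var/*)             echo "expected $path" ;;
            *)                             echo "REVIEW   $path" ;;
        esac
    done
}

# demo: build two small constructed trees and run the comparison on them.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/clean/app" "$d/live/app" "$d/live/media/catalog" "$d/live/var/cache"
    echo '<?php' > "$d/clean/index.php"; cp "$d/clean/index.php" "$d/live/"
    echo '<?php' > "$d/clean/app/Mage.php"; cp "$d/clean/app/Mage.php" "$d/live/app/"
    echo img > "$d/live/media/catalog/shoe.jpg"      # normal upload
    echo c > "$d/live/var/cache/mage--0"             # normal cache entry
    echo '<?php' > "$d/live/media/catalog/thumb.php" # script in upload dir
    echo '<?php' > "$d/live/app/extra.php"           # not in the release
    unknown_files "$d/clean" "$d/live" | triage
    rm -rf "$d"
}

# With two arguments compare real trees, otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then unknown_files "$1" "$2" | triage; else demo; fi
```

Extensions and themes you installed yourself will also appear as REVIEW unless the clean directory is a copy of what you actually deployed, so build the baseline from your own release plus known add-ons.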
If you are concerned, or want to know more about installing the patches, contact us today. Due to the critical nature of the issue, we can offer installation and testing of these patches on non-clients’ websites at a 2 hour support cost. Visit www.2jcommerce.com and submit an enquiry.