On September 24, 2014, a vulnerability in the Bash shell was publicly announced. This vulnerability, also known as “ShellShock,” has been identified by the NIST as CVE-2014-7169. This vulnerability primarily affects GNU/Linux distributions and other products that are based upon those distributions.
ManageOps’s hosting infrastructure primarily consists of Windows servers, which are not subject to this vulnerability. Furthermore, both WatchGuard (whose XTMv firewall appliances we use for our perimeter security) and Citrix (whose NetScaler virtual appliances we use to provide SSL/VPN access to our cloud infrastructure) have now issued statements confirming that these products are not subject to this vulnerability.
We will continue to monitor information on this vulnerability as it becomes available. In the meantime, ManageOps’s cloud hosting customers can be confident that the security of their data is not at risk from this vulnerability.