Skip to Content

Mini Menu

Locate a credit union
Toggle Submenu
Find More Info

State and Federal Regulators: Financial Institutions Should Move Quickly to Address Shellshock Vulnerability


3501 Fairfax Drive, Room B7081a, Arlington, VA 22226-3550 – (703) 516-5588 – FAX (703) 562-6446 – http://www.ffiec.gov

Press Release

September 26, 2014

 

For Immediate Release


State and Federal Regulators: Financial Institutions Should Move Quickly to Address 
Shellshock Vulnerability
 
Financial institutions should quickly address the “Shellshock” vulnerability by applying patches to their Bash software, the Federal Financial Institutions Examination Council said Friday.
 
Bash, or Bourne-again Shell—a common software tool found in most UNIX, Linux, and Mac OS X operating systems and which also may be installed on Windows servers—is used to execute a sequence of commands.  The “Shellshock” vulnerability could allow an attacker to execute malicious code on Bash and gain control over a targeted system.  The pervasive use of Bash and the potential for this vulnerability to be automated presents a material risk. 
 
Financial institutions and their service providers should assess the risk to their infrastructures and execute mitigation activities with appropriate urgency.  Financial institutions should identify all servers, systems, and appliances that use the vulnerable versions of Bash and follow appropriate patch management practices1.  Financial institutions relying on third-party service providers should ensure those providers are aware of the vulnerability and are taking appropriate mitigation action.

                                                                                   ###


The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has six voting members: a Governor of the Board of Governors of the Federal Reserve System designated by the Chairman of the Board, the Chairman of the Federal Deposit Insurance Corporation, the Chairman of the Board of the National Credit Union Administration, the Comptroller of the Currency, the Director of the Consumer Financial Protection Bureau, and the Chairman of the State Liaison Committee. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.

Media Contacts
CFPB Sam Gilford (202) 435-7673
FDIC Greg Hernandez (202) 898-6984
FRB Susan Stawick (202) 452-2955
NCUA Ben Hardaway (703) 518-6333
OCC Stephanie Collins (202) 649-6870
SLC Catherine Woody (202) 728-5733

[1] Patch management, software maintenance, and security update practices are covered by a number of FFIEC IT
Examination Handbooks including: Development and Acquisition; Information Security; and Operations.
National Credit Union Administration

1775 Duke Street
Alexandria, VA - 22314
www.ncua.gov


Office of Public & Congressional Affairs

(703) 518-6330
pacamail@ncua.gov

"Protecting credit unions and the consumers who own them through effective regulation"

10/5/2018 1:47 PM