Magento has announced a new security patch that concerns multiple high-risk vulnerabilities in all Magento 1 versions. These releases contain almost 40 security changes and enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.
Magento Security Patches Released
- SUPEE-10266 (Added Sep 14, 2017) - This patch provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting.
- SUPEE-10336 (Added Sep 11, 2017) - This patch addresses USPS method name changes starting Sep 1, 2017.
To check whether your Magento store is at risk, we recommend running a scan on magereport.com, which will identify whether the patch has been applied correctly.
This is another reminder of the importance of following strong security practices. Please review and follow the security best practices posted on the Magento Security Center.
If you have an active Magento Site Care Plan, our team will review your Magento site's security as part of your plan.
If you don't have a Magento Site Care Plan, we suggest you follow the instructions above or open a support ticket so we can review your site and provide a quote to secure your Magento eCommerce store.
Wednesday, September 20, 2017