CIS Logo
tagline: Confidence in the Connected World
HomeResourcesAdvisoriesCritical Patches Issued for Microsoft Products, February 13, 2018

A Bug in WordPress Update Disables Auto-Update Functionality

MS-ISAC ADVISORY NUMBER:

2018-019

DATE(S) ISSUED:

02/08/2018

OVERVIEW:

A bug has been discovered in WordPress 4.9.3 that disables the auto-update functionality. WordPress is an open source content management system (CMS) for websites.

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users:
LOW

TECHNICAL SUMMARY:

A bug has been discovered in WordPress 4.9.3 that disables the auto-update functionality. This bug was discovered after the release of WordPress 4.9.3.

Note: In order for WordPress to automatically receive future security updates, version 4.9.4 will need to be installed manually.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by WordPress manually to affected systems, immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Information Hub : Advisories


Privacy Preference Center

Close your account

Your account will be closed and all data will be permanently deleted and cannot be recovered. Are you sure