This Shellshock issue has now spawned 6 CVE’s CVE = Common Vulnerabilities and Exposures
Threat level Yellow at Internet Storm Center
This is a complex vulnerability
first CVE got patched almost immediately CVE-2014-6271
The second CVE now has a patch as of Friday). CVE-2014-7169
The 3rd and 4th CVE CVE-2014-7186,
also CVE-2014-6277 and 6278 these latest CVE’s have source code patches from http://lcamtuf.blogspot.com
The most dangerous of these are the DHCP exploits, which are still being exploited
But the biggest problem is the large amount of scanning for vulnerable systems on the Net. All the hackers Are trying to find and hack the vulnerable systems.
Also Apple has now released an update with a patch for first two http://support.apple.com/kb/DL1769
and not only the OS X systems but the Apple TV’s need fixes. The internet of things is being affected. (As mentioned in previous posts Cisco says in 2008 there are more devices on the Internet than people on Internet)
The belief that Microsoft products are not vulnerable may not be true, as any software installed that also installed Bash as software is vulnerable.
Do you have Apache on your Microsoft Server? or other software that requires it?