Magento has just released the SUPEE-10415 security patch for the following versions:
- Magento Commerce 220.127.116.11-18.104.22.168 (formerly known as Enterprise Edition)
- Magento Open Source 22.214.171.124-126.96.36.199 (formerly known as Community Edition)
The patch contains fixed for several security vulnerabilities including cross-site request forgery (CSRF), Denial-of-Service (DoS), and authenticated Admin user remote code execution (RCE).
You can learn more about the patch and download it here: https://magento.com/security/patches/supee-10415
As with all Magento 1 security patches, I’d strongly recommend using the Experius Patch Helper to help you identify any overridden files that will also need to be patched.