We just learned that the exploit that Drupal released a patch for earlier today is now being exploited in the wild.
The Office of Information security will be notifying Drupal system owners of a patch that has been released for a Core Critical Release for Drupal. For more information on the patch:
Drupalgeddon 3 – Drupal core – Critical – Remote Code Execution – SA-CORE-2018-004
Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002. While SA-CORE-2018-002 is being exploited in the wild, this vulnerability is not known to be in active exploitation as of this release.
Solution: Upgrade to the most recent version of Drupal 7 or 8 core.