Help Desk: (814)865-HELP security@psu.edu

We just learned that the exploit that Drupal released a patch for earlier today is now being exploited in the wild.

https://www.bleepingcomputer.com/news/security/hackers-dont-give-site-owners-time-to-patch-start-exploiting-new-drupal-flaw-within-hours/

___________________________

The Office of Information security will be notifying Drupal system owners of a patch that has been released for a Core Critical Release for Drupal. For more information on the patch:

Drupalgeddon 3 – Drupal core – Critical – Remote Code Execution – SA-CORE-2018-004

Source: https://www.drupal.org/sa-core-2018-004

Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002. While SA-CORE-2018-002 is being exploited in the wild, this vulnerability is not known to be in active exploitation as of this release.

Solution: Upgrade to the most recent version of Drupal 7 or 8 core.

%d bloggers like this: