Drupal has released a security update to address several critical vulnerabilities in its content management software. Exploitation of these vulnerabilities could allow an attacker to take remote control of an affected system.
Drupal recommends the following actions:
- Sites on 8.3.x should immediately update to the 8.3.x release that is provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.
- Sites on 8.4.x should immediately update to the 8.4.x release that is provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.
- Sites on 7.x or 8.5.x can immediately update using the normal procedure.
Refer to the Drupal advisory for more information and links to the necessary updates.
CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.