All Drupal administrators are being advised to patch up their Drupal Content Management Systems with the latest security updates by this weekend. If not, the website’s servers operating on the platform are said to be highly vulnerable to cyber attacks.
News is out that Drupalgeddon 2 vulnerability which was discovered last month is being exploited by 3 different malware families. For this reason, Drupal admins are requested to follow a security advisory issued by Drupal Management which requests them to update a patch released between 16:00- 18:00 on April 25th, 2018. The patches are being offered to 7.x, 8.4x, and 8.5.x branches of Drupal.
Early this month, there were reports that hackers exploited Drupalgeddon 2 vulnerability to install ransomware on some servers. This includes the website of Ukraine Ministry of Energy which was exploited early this month, but the incident came to light in the last weekend.
Therefore websites running on Drupal 7.x should quickly upgrade to the version of 7.59 and those running on 8.5.x should move to 8.5.3 version on an immediate note. If in case your website runs on 8.4.x then it should upgrade to 8.4.8 and then to 8.5.3 or the latest release which is secure enough.
Note- The current vulnerability is said to allow hackers execute remote code on websites allowing them to gain access to the content on the website, server, and administrator. Criminals can also exploit the vulnerability to deface the webpage.
