Drupal security updates address vulnerability exploited online
Drupal has released new security updates for Drupal 7 and Drupal 8. These updates address several vulnerabilities, including one rated critical and another that is currently being actively exploited by spammers.
What to do now
If you have a website that uses Drupal 7 or Drupal 8 apply this update now. Additional information and a link to download the updates (Drupal 8.3.4 and Drupal 7.56) are available from this Drupal security advisory.
Security updates fix weaknesses in computer systems that attackers may use to gain unauthorised access or to perform other malicious activity.
Attackers can exploit these weaknesses to perform other malicious actions, such as stealing or corrupting information, installing malware or stopping the affected system from working correctly.
Websites with out-of-date software are prized targets for attackers who may use them for a number of malicious purposes. They can be used to send spam (as in this case) or even to host malicious content that could expose your website's visitors to harm.
Visit the Drupal website to learn how to check which version of Drupal you're running.
Stay Smart Online recommends, whenever possible, choosing to automatically apply security updates when they become available. Automatic updates minimise the risk of delaying or forgetting to apply an update, and limit the chance that attackers will gain access to your computer and sensitive personal and financial data.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.