Drupal has released security updates to address multiple vulnerabilities in its content management software. Exploitation of these vulnerabilities could allow an attacker to take control of an affected Web site.
Available updates include:
- Drupal core 6.38 for 6.x users
- Drupal core 7.43 for 7.x users
- Drupal core 8.0.4 for 8.0.x users
CSSD recommends that users and systems administrators review the Drupal Security Advisory and apply the necessary updates.
CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the Technology Help Desk at 412-624-HELP  if you have any questions regarding this announcement.