Drupal has released a security update to address vulnerabilities in its content management software. Exploitation of this vulnerability could allow an attacker to take control of an affected system.
If you use Drupal 8.x versions prior to 8.1.10, upgrade to Drupal core 8.1.10. CSSD recommends that users and systems administrators review the Drupal Security Advisory and apply the necessary update.
CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the Technology Help Desk at 412-624-HELP  if you have any questions regarding this announcement.