Security Alert: Drupal Publishes Second Major Security Patch in 30 Days

Websites running the popular Drupal CMS system are under attack as a new vulnerability was published Wednesday. If you use Drupal for any of your web properties, you need to update now.

Approximate Read Time: 1 Minute

Wednesday, the Drupal Security team announced patches for the SA-CORE-2018-004 security vulnerability.  Drupal is one of the most popular Content Management Systems on the planet owing to its large development community and open source base.  The U.S. Department of Energy, The Beatles, Turner Broadcasting, Major League Soccer, and Tesla Motors are just a few of the many sites powered by the Drupal platform.

Last Month, on March 28, 2018, the Drupal Security team announced SA-CORE-2018-002, a major security flaw that allowed hackers to execute remote code on any site running Drupal that hadn’t been patched.  Wednesday’s SA-CORE-2018-004 is related to the previous one, being another way to exploit the same vulnerability that was patched in 002.  The Drupal Security team has released patches for both vulnerabilities.

If you are running a site on the Drupal platform, it is highly recommended that you patch both of these vulnerabilities right away because hackers are already using these vulnerabilities to attack thousands of Drupal-powered websites.

Whatever platform you use to run your site or blog, it is critical that you pay attention to security vulnerabilities every day, or that you have a web developer that monitors this for you.  Hackers took less than 6 hours to start exploiting thousands of websites.