Drupal 7.32 critical update: Denver DataMan Response

If you are using Drupal 7, it is vital that you are aware of the latest security update released. Any website running Drupal 7, prior to the .32 release is at serious risk. You might think, my site is small it will not be hacked, unfortunately, however the attack is being completed by an automated tool so all Drupal sites are at risk. The only option is to patch/upgrade your site to the .32 version or higher (when released) of Drupal.

If your site was not patched on October 15th it is vital to review your site to make sure it has not already been attacked. When possible site owners should consider reverting to a version of their site on 10/14. Given that this is not possible for most sites after a couple of days checking the site can be done.

Contact Denver DataMan today if your site has not yet been patched or upgraded.

From a technical point of view this is known as CVE-2014-3704 and the Drupal Security Team has published an FAQ. OSTraining has also covered the code change made by the upgraded.