Welcome to WebmasterWorld Guest from 18.204.48.199

Forum Moderators: phranque

Message Too Old, No Replies

Drupal says Reports of Wide-Open Unpatched Websites Are Untrue

     
6:05 am on Jun 8, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10569
votes: 1124


Drupal is playing down estimates that more than 100,000 websites are still vulnerable to months-old critical security flaws in its content management system.

The developer said Thursday that reports from earlier this week claiming tens of thousands of sites were not patched with version 7.58, and thus were vulnerable to an attack dubbed Drupalgeddon 2 were based on bad info.

The number was floated by security researcher Troy Mursch, who based the estimate on a set of 500,000 sites he found using Drupal. The researcher said that of the 500,000 observed sites, 115,070 were found to be running an outdated version of Drupal 7 that would be vulnerable to the remote-code-execution hole discovered in April. An additional 134,447 sites were deemed to not be at risk, and 225,056 sites could not be diagnosed either way.


[theregister.co.uk...]

Might want to take a look if running Drupal...
12:18 am on June 11, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


I know there was almost a frenzy to patch all the installs at my shared host.