14 - July - 2016

Avoiding Drupalgeddon 2.0

Post by Matt P Matt P

On Wednesday we received an announcement that there were a number of contributed Drupal modules that had Remote code execution vulnerabilities.

According to the Drupal security team this would only affect around 1000-10,000 Drupal sites, this accounts for around 1% of all Drupal sites. From this we knew it wouldn't affect significant contrib modules, like Views, as they're fairly standard on most Drupal installations.

At 5pm BST yesterday, the following contrib module announcements were released:

As an ITIL accredited service desk, we were primed and ready to go in advance of the release, having alerted clients of the planned release and arranged additional support from our infrastructure and development team should they be required.

Shortly after the release our Drupal support team got to work, quickly establishing that around 15% of our clients sites were affected. The most common module that had to be updated was Coder. Although this module wasn't actually enabled on any production site, it only has to be in the docroot to be exploited. Within an hour all client sites had been patched and secured.

Once again, our support team handled the security vulnerabilities brilliantly. Go team!

Matt P

Matt P

Service Desk Manager

Support team lead managing the service desk incidents, change requests, clients and the team at Ixis. There's no problem he can't fix.

Add new comment

Share this article

Our thoughts

Let's work together

Get in touch and find out how we can empower your organisation.
Back to top