|Title||Start Date & Time||End Date & Time|
|Service Maintenance Scheduled: VPN - Cisco AnyConnect||Tuesday, July 25, 2017 - 7:00am||Tuesday, July 25, 2017 - 7:30am|
|Service Maintenance Scheduled: MSSC & Transportation Network||Thursday, July 27, 2017 - 6:00am||Thursday, July 27, 2017 - 7:30am|
|Service Maintenance Scheduled: Web Express||Saturday, July 29, 2017 - 8:00am||Saturday, July 29, 2017 - 10:00am|
|Service Maintenance Scheduled: Campus Solutions & Portals||Saturday, July 29, 2017 - 6:00pm||Sunday, July 30, 2017 - 6:00pm|
|Service Maintenance Scheduled: Human Capital Management (HCM)||Thursday, August 3, 2017 - 6:00pm||Thursday, August 3, 2017 - 11:59pm|
Drupal has released updates to address multiple vulnerabilities including one that may allow a remote attacker to take control of an affected website.
Drupal core 8.x versions prior to 8.3.4
Drupal core 7.x versions prior to 7.56
Upgrade to Drupal core 8.3.4 or 7.56
Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003
Additional information about this vulnerability can be viewed at: https://www.drupal.org/SA-CORE-2017-003
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or firstname.lastname@example.org. IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.
Important definitions for this notice:
Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.
Severe: severity includes worms & web or email based exploits.
Important: severity includes viruses and local exploits for commonly used services.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.