|Title||Start Date & Time||End Date & Time|
|Service Maintenance Scheduled: Enterprise Applications Including Campus Solutions & Portals||Sunday, March 24, 2019 - 6:00am||Sunday, March 24, 2019 - 6:00pm|
|Service Maintenance Scheduled: C4C Network||Tuesday, March 26, 2019 - 5:00pm||Tuesday, March 26, 2019 - 11:30pm|
Drupal has released an update to address a vulnerability that may allow a remote code execution which could allow the site to be completely compromised. The IT Security Office recommends upgrading as soon as possible.
CU Boulder's www.colorado.edu and sites on the Web Express service are fully patched.
Drupal core 6.x, 7.x, 8.3.x, 8.4.x, and 8.5.x
Upgrade to the most recent version of Drupal 6, 7, or 8 core.
Security bulletin name: Drupal Core - Highly Critical - Remote Code Execution - SA-CORE-2018-002
Additional information about this vulnerability can be viewed at: https://www.drupal.org/SA-CORE-2018-002
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or email@example.com. IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.