
Safe from Website Vulnerabilities and the XML Quadratic Blowup Attack!

Millions of WordPress and Drupal websites around the world need an immediate upgrade due to a security vulnerability. The vulnerability is exploited with an XML Quadratic Blowup Attack, a variant of the well-known Billion Laughs attack. If executed, this attack can cause complete central processing unit (CPU) and memory failure, leading to denial of service (DoS) and unavailable, unresponsive sites.

The risk level for the security update is considered "Moderately Critical": executing the attack requires the attacker to be registered on the site and to have some non-default permissions (e.g. creating content).

You can learn more about the vulnerability and the attack here

The good news? The robust Drupal security team has already released a fix included in the latest Drupal update. So, all you have to do is upgrade to the latest version of Drupal. If you are a Promet Support and Maintenance client, our Support team has already been working on this for you. Our development clients have also been notified and we are working on this fix for them as well. Rest assured, we are your first line of defense against this attack.

If you have any questions about this attack or the steps we are taking to protect our clients, please reach out to our Support Manager, Melissa Gonzalez, at 773.525.8255.