Yesterday, Drupal released a patch for a widespread vulnerability in versions 6, 7 and 8. You can read more about this at Drupal’s site:
https://groups.drupal.org/security/faq-2018-002
Links to the various patches for different versions:
https://www.drupal.org/sa-core-2018-002
As Drupal vulnerabilities are well-known to the bad guys, UVa Information Security recommends that you apply these patches ASAP.
If your UVa web server is managed by ITS CACS, the patch has already been applied and you don't need to do anything.
If you have any questions, please email it-security@virginia.edu.