The Drupal team released patch (in addition to the critical patch last month) and within 5 hours the flaw was being actively exploited.  If you use Drupal, patch now.