The Drupal security team has sent out a “highly critical” alert: “A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.”
Updating to the latest version of Drupal 7.x or Drupal 8.x is the only way to avoid your site being compromised. There are no other ways to mitigate the discovered issues.
There is an FAQ page with a little more information on the Drupal website.