Yesterday, March 28, 2017, the Drupal team released a patch, to fix critical security vulnerability (remote exploit) in most Drupal installations.
Here is their notification on the patch release:
https://www.drupal.org/sa-core-2018-002
In response, our system administrators located all Drupal installations on our servers, and ran the patch for the respective Drupal version.
Thus all Drupal installations our CiviHosting servers are protected from this critical security issue.