Latest PHP Vulnerability Allows Hackers to Execute Remote Code on Windows Servers

Published:

spot_img

Critical PHP Vulnerability Allows Remote Code Execution on Windows Systems

A critical security flaw has been discovered in PHP that could lead to remote code execution, putting millions of websites at risk. The vulnerability, known as CVE-2024-4577, affects all versions of PHP installed on Windows operating systems.

DEVCORE security researcher Orange Tsai revealed that the flaw allows attackers to bypass previous security measures and execute arbitrary code on remote PHP servers. Despite responsible disclosure on May 7, 2024, exploitation attempts have already been detected within 24 hours of the public disclosure.

In response to the threat, PHP has released patches in versions 8.3.8, 8.2.20, and 8.1.29. However, DEVCORE warns that all XAMPP installations on Windows are vulnerable by default, especially if configured to use Traditional Chinese, Simplified Chinese, or Japanese locales.

To mitigate the risk, DEVCORE recommends moving away from PHP CGI and opting for more secure solutions like Mod-PHP, FastCGI, or PHP-FPM. Security researcher Aliz Hammond emphasized the urgency of applying the patches, as the exploit is relatively simple and has a high likelihood of being used on a large scale.

With the potential for widespread exploitation, website administrators are advised to take immediate action to protect their servers and data. Stay informed and follow us on Twitter and LinkedIn for more exclusive cybersecurity updates.

spot_img

Related articles

Recent articles

UK Regulator Launches Investigation into TikTok Age Verification Amid Strengthened Child Safety Measures

UK Regulator Launches Investigation into TikTok Age Verification Amid Strengthened Child Safety Measures The UK's communications regulator, Ofcom, has initiated a formal investigation into TikTok's...

Legacy Systems, Real-World Risks: Navigating the Challenges of OT Security

Legacy Systems, Real-World Risks: Navigating the Challenges of OT Security Operational Technology (OT) security presents unique challenges that differ significantly from traditional Information Technology (IT)...

Sophos Launches Sophos Fusion: The Complete AI-Native Cybersecurity Defense System for the AI Era

Sophos Launches Sophos Fusion: The Complete AI-Native Cybersecurity Defense System for the AI Era Sophos has unveiled Sophos Fusion, a comprehensive AI-native cybersecurity defense system...

1Password Advances Secure Credential Access for AI Agents with Claude Integration

1Password Advances Secure Credential Access for AI Agents with Claude Integration In a significant development for cybersecurity and artificial intelligence, 1Password has launched 1Password for...