Latest PHP Vulnerability Allows Hackers to Execute Remote Code on Windows Servers

Published:

spot_img

Critical PHP Vulnerability Allows Remote Code Execution on Windows Systems

A critical security flaw has been discovered in PHP that could lead to remote code execution, putting millions of websites at risk. The vulnerability, known as CVE-2024-4577, affects all versions of PHP installed on Windows operating systems.

DEVCORE security researcher Orange Tsai revealed that the flaw allows attackers to bypass previous security measures and execute arbitrary code on remote PHP servers. Despite responsible disclosure on May 7, 2024, exploitation attempts have already been detected within 24 hours of the public disclosure.

In response to the threat, PHP has released patches in versions 8.3.8, 8.2.20, and 8.1.29. However, DEVCORE warns that all XAMPP installations on Windows are vulnerable by default, especially if configured to use Traditional Chinese, Simplified Chinese, or Japanese locales.

To mitigate the risk, DEVCORE recommends moving away from PHP CGI and opting for more secure solutions like Mod-PHP, FastCGI, or PHP-FPM. Security researcher Aliz Hammond emphasized the urgency of applying the patches, as the exploit is relatively simple and has a high likelihood of being used on a large scale.

With the potential for widespread exploitation, website administrators are advised to take immediate action to protect their servers and data. Stay informed and follow us on Twitter and LinkedIn for more exclusive cybersecurity updates.

spot_img

Related articles

Recent articles

Russia’s FSB Blamed for Poland’s Grid Attack as UK and EU Launch Coordinated Cyber Sanctions

Russia's FSB Blamed for Poland's Grid Attack as UK and EU Launch Coordinated Cyber Sanctions A significant cyberattack last winter, which nearly disrupted heating for...

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale Recent investigations by cybersecurity researchers have unveiled a series of sophisticated campaigns where...

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive As organizations in the UAE and Saudi Arabia advance in their artificial intelligence...

Digital Forensics Strengthens Case Against Jason Cunningham in £113,000 Property Investment Fraud

Digital Forensics Strengthens Case Against Jason Cunningham in £113,000 Property Investment Fraud A significant property investment fraud case in the United Kingdom has highlighted the...