Latest PHP Vulnerability Allows Hackers to Execute Remote Code on Windows Servers

Published:

spot_img

Critical PHP Vulnerability Allows Remote Code Execution on Windows Systems

A critical security flaw has been discovered in PHP that could lead to remote code execution, putting millions of websites at risk. The vulnerability, known as CVE-2024-4577, affects all versions of PHP installed on Windows operating systems.

DEVCORE security researcher Orange Tsai revealed that the flaw allows attackers to bypass previous security measures and execute arbitrary code on remote PHP servers. Despite responsible disclosure on May 7, 2024, exploitation attempts have already been detected within 24 hours of the public disclosure.

In response to the threat, PHP has released patches in versions 8.3.8, 8.2.20, and 8.1.29. However, DEVCORE warns that all XAMPP installations on Windows are vulnerable by default, especially if configured to use Traditional Chinese, Simplified Chinese, or Japanese locales.

To mitigate the risk, DEVCORE recommends moving away from PHP CGI and opting for more secure solutions like Mod-PHP, FastCGI, or PHP-FPM. Security researcher Aliz Hammond emphasized the urgency of applying the patches, as the exploit is relatively simple and has a high likelihood of being used on a large scale.

With the potential for widespread exploitation, website administrators are advised to take immediate action to protect their servers and data. Stay informed and follow us on Twitter and LinkedIn for more exclusive cybersecurity updates.

spot_img

Related articles

Recent articles

India’s Scrutiny of WhatsApp’s Username Feature Signals a Shift in Cybersecurity Policy

India’s Scrutiny of WhatsApp's Username Feature Signals a Shift in Cybersecurity Policy India's recent examination of WhatsApp's username feature marks a significant turning point in...

DEBULL Tooling Exploits Microsoft Device-Code Flow to Compromise M365 Accounts

DEBULL Tooling Exploits Microsoft Device-Code Flow to Compromise M365 Accounts A recent surge in device code phishing campaigns targeting Microsoft 365 accounts has raised alarms...

Bitdefender’s 2026 Cybersecurity Assessment Exposes Critical Gaps in AI Threat Management

Bitdefender's 2026 cybersecurity Assessment Exposes Critical Gaps in AI Threat Management In an era marked by rapid technological advancement, the latest findings from Bitdefender's 2026...

Gulf States Accelerate Cybersecurity Measures Amid Surge in Attacks and Geopolitical Tensions

Gulf States Accelerate Cybersecurity Measures Amid Surge in Attacks and Geopolitical Tensions A significant rise in cyberattacks, coupled with physical strikes on cloud infrastructure and...