AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Serious security flaw in PHP on Windows server in CGI mode

CVE-2024-4577 vulnerability details and essential mitigations for PHP servers on Windows in CGI mode

DEVCORE has discovered a serious vulnerability (CVE-2024-4577) in PHP on Windows in CGI mode, which allows remote code execution. It affects several versions of PHP and poses a critical risk to servers. Immediate updating of PHP is recommended.

This pill is also available in Italian language

In the world of cybersecurity, Taiwanese company DEVCORE has identified a significant vulnerability in PHP installations on Windows in CGI mode. The vulnerability, identified with code CVE-2024-4577, does not yet have a specific CVSS score but allows attackers to manipulate command line arguments, leading to the possibility of remote code execution (RCE). According to DEVCORE, the problem has its roots in the old vulnerability CVE-2012-1823, since the new bug allows you to bypass the security measures introduced against the latter by using particular character sequences.

Affected PHP versions and risk to websites

The CVE-2024-4577 security flaw affects numerous versions of PHP on Windows servers, specifically: PHP 8.3 through 8.3.8, PHP 8.2 through 8.2.20, and PHP 8.1 through 8.1.29. The widespread diffusion of PHP within the web ecosystem, together with the simplicity of exploiting this flaw, have led experts to classify the vulnerability as critical. Immediately reported to the official PHP team, the vulnerability was made public only after the release of the corrected PHP versions, available for download from the official website. Experts estimate that the vulnerability could affect millions of websites and services hosted on Windows servers running PHP in CGI mode.

Impact on Windows servers in different locations

At the time of disclosure, it has been confirmed that an unauthorized malicious actor can execute arbitrary code on a remote server in specific interface locales, specifically: Traditional Chinese, Simplified Chinese, and Japanese. For other Windows instances in other localizations, given the wide range of uses of PHP, researchers cannot yet rule out other possible ways of exploitation. System administrators are therefore strongly encouraged to conduct their own security assessments, review their use cases, and update PHP to the latest available version to maintain the security of their systems.

Immediate action and safety recommendations

WatchTowr Labs researchers have already created and made public an exploit for this vulnerability, calling it easily replicable. Therefore, immediately updating PHP to the correct version is crucial to avoid potential attacks. To mitigate further risks, IT managers are also advised to regularly review server configurations, perform security audits, and train staff in the secure use and management of systems. Despite the criticality of the situation, taking these measures quickly can significantly reduce the risk of compromise.

Follow us on Threads for more pills like this

06/08/2024 20:22

Editorial AI

Last pills

Data breach: 560 million users involvedHow to protect yourself from the consequences of a major data breach

Ransomware attack on Synnovis: London health services in crisisSevere disruption to pathology and diagnostic services in London

A new LPE exploit for Windows for sale in the undergroundA new local privilege escalation threat for Windows in the underground forums

Critical failure in Check Point VPN solutions: risks and security measuresExposure of enterprise systems: urgent updates and patches to protect networks