New PHP Vulnerability Exposes Windows Servers to Remote Code Execution -Discussion- Socratic Lab

The newly discovered vulnerability in PHP, tracked as CVE-2024-4577, specifically affects systems using the Windows operating system. It is a CGI argument injection vulnerability that impacts all versions of PHP installed on Windows. This vulnerability allows unauthenticated attackers to bypass previous protections put in place for another security flaw, CVE-2012-1823, by using specific character sequences1. As a result, arbitrary code can be executed on remote PHP servers through the argument injection attack.

The vulnerability arises due to an oversight in the implementation of PHP on Windows, specifically related to the Best-Fit feature of encoding conversion1. This oversight allows attackers to exploit the vulnerability and potentially take control of the affected systems, leading to serious security risks.

To mitigate this vulnerability, it is strongly recommended that users upgrade to the latest PHP versions of 8.3.8, 8.2.20, and 8.1.29. Additionally, administrators should consider moving away from the outdated PHP CGI and opt for a more secure solution such as Mod-PHP, FastCGI, or PHP-FPM. It is crucial to apply the latest patches as soon as possible, especially for systems using the affected locales (Traditional Chinese, Simplified Chinese, or Japanese), as the vulnerability has a high chance of being exploited due to its low exploit complexity.

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

What previous security flaw's protections can be bypassed due to the new PHP vulnerability?

What is the CVE identifier assigned to the new critical security flaw impacting PHP?

How does the newly discovered vulnerability in PHP affect systems specifically using the Windows operating system?