Developers have been using PHP on Windows Servers for decades.
PHP is widely regarded as secure for use on platforms like Windows Server.
A cybersecurity group, DEVCORE, has disclosed a severe vulnerability in PHP that allows remote execution of code on susceptible Windows Server environments.
This issue is officially referenced as CVE-2024-4577 and involves a CGI argument injection vulnerability.
Within a day of being disclosed, numerous attacks targeted PHP servers in Egypt due to this security flaw.
Significantly, the CVE-2024-4577 vulnerability impacts all PHP installations on Windows systems.
In response, DEVCORE’s announcement prompted PHP to roll out a new release, version 8.3.8, which addresses this issue.
PHP has urged all users to upgrade their server’s PHP to the most recent version.
The latest blog post by the security research team indicates that a vulnerability in XAMPP for Windows could potentially allow attackers to access remote XAMPP servers by default.
A security expert named Orange Tsai points out that the Best-Fit feature in Windows is the culprit behind this vulnerability.
Further, it was noted that this particular feature, Best-Fit, could lead to additional complications.
The DEVCORE team has revealed that the PHP team did not properly address the encoding conversion mechanisms within the Windows operating system.
This absence of proper encoding has enabled attackers to gain unrestricted access to the server.
According to security experts, this flaw could permit a threat actor to remotely obtain sensitive data from a server without needing any authentication.
This vulnerability might also lead to a denial-of-service attack and enable the execution of arbitrary code on the web server.
Additionally, it has been observed that certain local versions of PHP are particularly susceptible to this problem.
Therefore, if you have installed traditional Chinese, simplified Chinese or Japanese locales for PHP on your Windows server, you may have to look for immediate mitigation options.
It needs to be noted that the particular vulnerability is straightforward, and it is unclear how the team overlooked such a larger issue.
Regardless, the cyber security team has also recommended using Mod-PHP, FastCGI, or PHP-FPM instead of the outdated PHP CGI.
You can refer to the full mitigation document from DEVCORE here.
To be updated with all the latest news
Save my name, email, and website in this browser for the next time I comment.
To be updated with all the latest news
Get More Info
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
