What we know
Background

A new Remote Code Execution (RCE) vulnerability in PHP for Windows has been disclosed, affecting all versions since 5.x and potentially impacting a vast number of servers worldwide. PHP, an open-source scripting language widely utilised for web development, is commonly deployed on both Windows and Linux servers. The RCE flaw, tracked as CVE-2024-4577, is rated 9.8 in CVSS severity. Following responsible disclosure on May 7, 2024, a fix for the vulnerability has been made available.

Impact

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise.

Mitigation Measure

It is strongly recommended that administrators upgrade to the latest PHP versions: 8.3.8, 8.2.20, and 8.1.29. Administrators are also advised to move away from the outdated PHP CGI altogether and opt for more secure solutions such as Mod-PHP, FastCGI, or PHP-FPM.

Recommendation

The following references provide further details:
https://www.bleepingcomputer.com/news/security/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows/
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/

Contact the Cyber Security Authority

The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Point of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities: Call or Text – 292, WhatsApp – 0501603111, Email – report@csa.gov.gh

Issued by Cyber Security Authority
June 20, 2024
Ref: CSA/CERT/TA/2024-06/02
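To turn the mitigation measure above into a repeatable check, the following script (an added example, not part of the CSA advisory) parses the version banner printed by php.exe -v or php-cgi.exe -v on a Windows host, compares it against the fixed releases named in the advisory (8.3.8, 8.2.20, 8.1.29), and flags whether the CGI SAPI is in use. Branches the advisory lists no fix for (8.0 and older) are treated as unpatched. The banner format and the sample banners below are constructed assumptions; collect the real output from each host and feed it to assess().

```python
import re

# Fixed releases named in the advisory for CVE-2024-4577, keyed by branch.
# Branches not listed here (8.0 and older) have no fix in the advisory, so
# any version on them is reported as unpatched.
FIXED_VERSIONS = {
    (8, 3): (8, 3, 8),
    (8, 2): (8, 2, 20),
    (8, 1): (8, 1, 29),
}

# Assumed banner shape: "PHP 8.2.19 (cgi-fcgi) (built: ...)" / "PHP 8.3.8 (cli) ...".
# \S* absorbs suffixes such as "-dev" or "RC1"; the first parenthesised token is the SAPI.
VERSION_RE = re.compile(r"^PHP (\d+)\.(\d+)\.(\d+)\S*\s+\(([^)]+)\)", re.MULTILINE)


def parse_php_version(banner):
    """Return ((major, minor, patch), sapi) from a php -v banner, or None if unparseable."""
    match = VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, patch, sapi = match.groups()
    return (int(major), int(minor), int(patch)), sapi


def assess(banner):
    """Classify a host's PHP build as patched/unpatched for CVE-2024-4577 and note CGI use."""
    parsed = parse_php_version(banner)
    if parsed is None:
        return {"status": "unknown", "reason": "could not parse version banner"}
    version, sapi = parsed
    fixed = FIXED_VERSIONS.get(version[:2])
    result = {"version": version, "sapi": sapi}
    if fixed is None:
        result["status"] = "unpatched"
        result["reason"] = "branch %d.%d has no fixed release in the advisory" % version[:2]
    elif version < fixed:
        result["status"] = "unpatched"
        result["reason"] = "below fixed release %d.%d.%d" % fixed
    else:
        result["status"] = "patched"
        result["reason"] = "at or above fixed release %d.%d.%d" % fixed
    # The advisory recommends moving off PHP CGI regardless of version, so
    # surface CGI use as a separate finding rather than folding it into status.
    result["cgi_in_use"] = sapi.startswith("cgi")
    return result


# Constructed sample banners (not captured from real hosts).
SAMPLE_CGI_OLD = "PHP 8.2.19 (cgi-fcgi) (built: May  7 2024 12:00:00) (NTS Visual C++ 2019 x64)\n"
SAMPLE_CLI_FIXED = "PHP 8.3.8 (cli) (built: Jun  4 2024 12:00:00) (NTS Visual C++ 2019 x64)\n"
SAMPLE_EOL_BRANCH = "PHP 7.4.33 (cgi-fcgi) (built: Nov  2 2022 12:00:00) (NTS Visual C++ 2017 x64)\n"

if __name__ == "__main__":
    for name, banner in [("cgi-old", SAMPLE_CGI_OLD),
                         ("cli-fixed", SAMPLE_CLI_FIXED),
                         ("eol-branch", SAMPLE_EOL_BRANCH)]:
        print(name, assess(banner))
```

Run it against the stored output of php-cgi.exe -v from each Windows web server in scope; any result with status "unpatched" needs the upgrade, and any result with cgi_in_use set to True should be migrated to FastCGI/PHP-FPM or Mod-PHP as the advisory recommends, even after patching.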