New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Background

A new Remote Code Execution (RCE) vulnerability in PHP for Windows has been disclosed, affecting all versions since 5.x and potentially impacting a vast number of servers worldwide. PHP, an open-source scripting language widely utilised for web development, is commonly deployed on both Windows and Linux servers. The RCE flaw, tracked as CVE-2024-4577, is rated 9.8 in CVSS severity. Following responsible disclosure on May 7, 2024, a fix for the vulnerability has been made available.

Impact

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise.

Mitigation Measures

  • It is strongly recommended that administrators upgrade to the latest PHP versions of 8.3.8, 8.2.20, and 8.1.29.
  • Administrators are also advised to move away from the outdated PHP CGI altogether and opt for a more secure solution such as Mod-PHP, FastCGI, or PHP-FPM.
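To apply both measures across a fleet, the following added example (not part of the original advisory) classifies `php -v` banners against the fixed releases listed above and flags installations that report a CGI SAPI for review. The host names and banner lines are constructed samples, and the status labels are assumptions of this example.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
PATCHED = {(8, 3): (8, 3, 8), (8, 2): (8, 2, 20), (8, 1): (8, 1, 29)}

# First line of `php -v`: "PHP <x.y.z><suffix> (<sapi>) (built: ...)".
BANNER = re.compile(r"^PHP (\d+)\.(\d+)\.(\d+)(\S*)\s+\(([^)]+)\)")

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "web01": "PHP 8.3.8 (cli) (built: Jun  4 2024 10:00:00) (ZTS Visual C++ 2019 x64)",
    "web02": "PHP 8.2.19 (cgi-fcgi) (built: May  7 2024 10:00:00)",
    "web03": "PHP 7.4.33 (cgi-fcgi) (built: Nov  2 2022 10:00:00)",
    "web04": "PHP 8.1.29RC1 (cli) (built: May 21 2024 10:00:00)",
}


def dotted(version):
    return ".".join(str(part) for part in version)


def assess(banner):
    """Classify one `php -v` banner against the advisory's fixed releases."""
    m = BANNER.match(banner.strip())
    if not m:
        return {"version": None, "sapi": None, "status": "unparsed",
                "target": None, "cgi_binary": False}
    version = tuple(int(x) for x in m.group(1, 2, 3))
    suffix, sapi = m.group(4), m.group(5)
    fixed = PATCHED.get(version[:2])
    if fixed is None:
        status = "branch-not-listed"   # advisory names no fixed release here
    elif version > fixed or (version == fixed and not suffix):
        status = "patched"
    else:
        status = "upgrade"             # older build, or pre-release of the fix
    return {"version": dotted(version) + suffix, "sapi": sapi, "status": status,
            "target": dotted(fixed) if fixed else None,
            # php-cgi reports a "cgi..." SAPI name; flag it for review.
            "cgi_binary": sapi.startswith("cgi")}


def audit(inventory):
    return {host: assess(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, result)
```

A `branch-not-listed` result means the advisory names no fixed release for that branch, so the host needs a move to one of the listed versions rather than a point update.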

Recommendation

The following references provide further details:

Contact the Cyber Security Authority

The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities: Call or Text – 292, WhatsApp – 0501603111, Email – report@csa.gov.gh

Issued by Cyber Security Authority
June 20, 2024


Ref: CSA/CERT/TA/2024-06/02