Critical PHP Vulnerability CVE-2024-4577 Exposes Windows Servers to Remote Code Execution
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Details have emerged about a critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.
The vulnerability, tracked as CVE-2024-4577, is a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.
According to a DEVCORE security researcher, the flaw bypasses the protections put in place for CVE-2012-1823.
"While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system," said security researcher Orange Tsai. "This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 using specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack."
A fix for the vulnerability has been made available in PHP versions 8.3.8, 8.2.20, and 8.1.29 following responsible disclosure on May 7, 2024.
DEVCORE has warned that all XAMPP installations on Windows are vulnerable by default when configured to use the locales for Traditional Chinese, Simplified Chinese, or Japanese. The Taiwanese company recommends that administrators move away from the outdated PHP CGI and opt for more secure solutions like Mod-PHP, FastCGI, or PHP-FPM.
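A triage check built from the fixed versions, the PHP CGI advice and the locales given above, as an added example that is not part of the original article or any vendor tooling. The inventory records, hostnames and field names (`os`, `php_version`, `sapi`, `locale`, `xampp`) are hypothetical, and treating branches newer than 8.3 as fixed is an assumption.

```python
import re

# Fixed releases named in the article: (major, minor) branch -> first fixed patch level.
FIXED = {(8, 3): 8, (8, 2): 20, (8, 1): 29}
# Locales the article names as affected by default (assumed stored as BCP 47 tags).
PRIORITY_LANGS = {"zh", "ja"}

def parse_version(text):
    """Return (major, minor, patch) from strings like '8.2.12' or '8.1.29-dev'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised PHP version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_patched(version):
    major, minor, patch = parse_version(version)
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Assumption: branches newer than 8.3 carry the fix. Older branches have no
    # fixed release listed in the article, so they count as unpatched.
    return (major, minor) > max(FIXED)

def triage(host):
    """Classify one inventory record as 'urgent', 'patch', 'migrate' or 'ok'."""
    if host["os"].lower() != "windows":
        return "ok"  # the article scopes the flaw to PHP on Windows
    patched = is_patched(host["php_version"])
    cgi = host["sapi"].lower() == "cgi" or host.get("xampp", False)
    if not patched and cgi:
        lang = host["locale"].split("-")[0].lower()
        return "urgent" if lang in PRIORITY_LANGS else "patch"
    if not patched:
        return "patch"  # not CGI today, but still below the fixed release
    return "migrate" if cgi else "ok"  # patched, yet PHP CGI should be retired

# Constructed sample inventory (hostnames and field names are hypothetical).
INVENTORY = [
    {"host": "web-01", "os": "Windows", "php_version": "8.2.12", "sapi": "cgi", "locale": "ja-JP"},
    {"host": "web-02", "os": "Windows", "php_version": "8.3.8", "sapi": "cgi", "locale": "en-US"},
    {"host": "web-03", "os": "Windows", "php_version": "7.4.33", "sapi": "mod_php", "locale": "en-US"},
    {"host": "web-04", "os": "Linux", "php_version": "8.1.2", "sapi": "fpm", "locale": "zh-TW"},
    {"host": "web-05", "os": "Windows", "php_version": "8.1.28", "sapi": "mod_php", "locale": "zh-TW", "xampp": True},
]

def report(inventory):
    return {h["host"]: triage(h) for h in inventory}

if __name__ == "__main__":
    print(report(INVENTORY))
```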
"This vulnerability is incredibly simple, but that's also what makes it interesting," Tsai said. "Who would have thought that a patch, which has been reviewed and proven secure for the past 12 years, could be bypassed due to a minor Windows feature?"
The Shadowserver Foundation reported exploitation attempts involving the flaw against its honeypot servers within 24 hours of public disclosure.
watchTowr Labs successfully devised an exploit for CVE-2024-4577 and achieved remote code execution, making it imperative for users to quickly apply the latest patches.
"A nasty bug with a very simple exploit," security researcher Aliz Hammond said. "Those running in an affected configuration under one of the affected locales – Chinese (simplified, or traditional) or Japanese – are urged to do this as fast as humanly possible, as the bug has a high chance of being exploited en masse due to the low exploit complexity."
Fidel V. (the Mad Scientist)
Technical Advisor || Solution Engineer
Security, AI, Systems, Cloud, Software