New PHP vulnerability exposes Windows servers to remote malicious code execution
03:44:00 | 11-07-2024

Serious vulnerabilities in popular programming languages allow hackers to execute malicious code remotely, without authentication. All PHP versions installed on Windows are affected by this vulnerability.

Attackers can execute malicious code on remote PHP servers through a parameter injection attack. If the system is configured to use certain code pages, the Windows 'Best-Fit' mechanism may replace characters in the command line provided to Windows API functions, causing The PHP-CGI module misinterprets these characters as PHP options, allowing attackers to pass options that lead to script source code exposure or arbitrary PHP code execution on the server. Currently, Chinese and Japanese encodings have been recorded, and other languages can also be potentially exploited.

In fact, many hackers have started looking for ways to attack emulated servers by exploiting this vulnerability.

The vendor has released patches for PHP versions 8.3.8, 8.2.20 and 8.1.29. However, administrators are recommended to completely remove outdated PHP CGI and choose a more secure solution such as Mod-PHP, FastCGI or PHP-FPM.