Critical RCE Vulnerability In Windows PHP Fixed

A new remote code execution (RCE) vulnerability in PHP for Windows has been disclosed, affecting all versions since 5.x and potentially millions of servers worldwide. PHP, an open-source scripting language used for web development on Windows and Linux servers, has a new flaw, CVE-2024-4577, discovered by Devcore's Orange Tsai on May 7, 2024. The PHP team released a patch yesterday. However, updating such a widely deployed project is complex, leaving many systems vulnerable for some time. When critical vulnerabilities are disclosed, threat actors quickly start searching for unpatched systems. Read more...