The Pakistan Telecommunication Authority (PTA) has released a cybersecurity advisory concerning a newly identified vulnerability in PHP that poses significant risks to Windows-based servers.
Labeled CVE-2024-4577, the flaw enables unauthorized remote code execution through CGI argument injection, potentially allowing attackers to bypass an earlier mitigated vulnerability, CVE-2012-1823. The vulnerability affects multiple PHP versions installed on Windows operating systems, exposing servers to arbitrary code execution attacks.
According to the PTA, the vulnerability impacts PHP versions 8.3 before 8.3.8, 8.2 before 8.2.20, and 8.1 before 8.1.29. The attack vector leverages remote code execution, making it particularly dangerous for systems running outdated software. The advisory classifies the threat as critical and underscores the urgent need for mitigation to avoid exploitation by cybercriminals.
The PTA has issued specific recommendations to address the risk. Users are urged to upgrade their PHP installations to the latest versions available at php.net. Migration to secure architectures, such as Mod-PHP, Fast CGI, or PHP-FP, has also been advised to reduce the potential attack surface. Administrators are further encouraged to regularly update all systems and software with the latest security patches to safeguard against known vulnerabilities.
The advisory emphasizes the importance of vigilance and proactive response to incidents. In the event of a breach or exploit, affected parties are requested to report details to the PTA through its CERT Portal or via email. This approach is aimed at ensuring a coordinated response and minimizing the overall impact of any attacks leveraging this vulnerability.