Ethical Hacking News
A critical PHP Remote Code Execution (RCE) vulnerability has been found to be mass exploited by unknown attackers, putting Windows systems at risk due to its potential impact on system integrity and the availability of exploits online. As a result, it is crucial for users and administrators to take immediate action to patch their systems and implement robust security measures to prevent exploitation.
Unknown attackers are exploiting a critical PHP Remote Code Execution (RCE) vulnerability, CVE-2024-4577, which affects Windows systems with PHP running in CGI mode. The vulnerability enables unauthenticated attackers to execute arbitrary code, leading to complete system compromise. Exploitation attempts have been observed in multiple countries, including Germany and China, with a total of at least 79 exploits available online. The attackers' post-exploitation activities include establishing persistence, elevating privileges, and deploying adversarial tools and frameworks. Patches were released in June 2024, but the attackers have already released proof-of-concept exploit code.
A critical PHP Remote Code Execution (RCE) vulnerability has been found to be mass exploited by unknown attackers, putting Windows systems at risk. The vulnerability, tracked as CVE-2024-4577, was patched in June 2024, but the attackers have already released proof-of-concept (PoC) exploit code, and Shadowserver Foundation reported observing exploitation attempts.
In a recent warning issued by GreyNoise, the threat intelligence company cautioned that successful exploitation enables unauthenticated attackers to execute arbitrary code, leading to complete system compromise following successful exploitation. The vulnerability affects Windows systems with PHP running in CGI mode and is considered critical due to its potential impact on system integrity.
According to GreyNoise, while initial reports focused on attacks in Japan, the threat intelligence firm's data confirms that exploitation is far more widespread. Over 43% of IPs targeting CVE-2024-4577 in the past 30 days are from Germany and China, with a total of at least 79 exploits available online.
Furthermore, GreyNoise detected a coordinated spike in exploitation attempts against networks in multiple countries, suggesting additional automated scanning for vulnerable targets. This highlights the potential scale and sophistication of the attacks being carried out by the attackers.
The use of this vulnerability in attacks is not new, as previously reported cases include backdooring university systems in Taiwan with newly discovered malware dubbed Msupedge. Additionally, the TellYouThePass ransomware gang has started exploiting the vulnerability to deploy webshells and encrypt victims' systems less than 48 hours after patches were released in June 2024.
The attackers behind these malicious activities are believed to have more extensive goals beyond just credential harvesting. Their post-exploitation activities include establishing persistence, elevating privileges to SYSTEM level, deployment of adversarial tools and frameworks, and the usage of "TaoWu" Cobalt Strike kit plugins. This suggests a level of planning and resources invested in the attacks.
The mass exploitation of this critical PHP RCE vulnerability highlights the ongoing nature of cybersecurity threats and the need for vigilance among system administrators and users. As new vulnerabilities are discovered, it is essential to stay informed about patching schedules, network monitoring, and security measures to prevent such attacks from occurring.
In conclusion, the mass exploitation of CVE-2024-4577 serves as a reminder of the importance of keeping software up-to-date and being vigilant about potential security threats. It also underscores the need for continuous monitoring and incident response planning to mitigate the impact of such attacks.
A critical PHP Remote Code Execution (RCE) vulnerability has been found to be mass exploited by unknown attackers, putting Windows systems at risk due to its potential impact on system integrity and the availability of exploits online. As a result, it is crucial for users and administrators to take immediate action to patch their systems and implement robust security measures to prevent exploitation.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-PHP-RCE-Vulnerability-Mass-Exploited-in-New-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/critical-php-rce-vulnerability-mass-exploited-in-new-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-4577
https://www.cvedetails.com/cve/CVE-2024-4577/
Published: Tue Mar 11 11:56:44 2025 by llama3.2 3B Q4_K_M
