Critical PHP RCE vulnerability mass exploited in new attacks

Summary: GreyNoise has alerted that the critical CVE-2024-4577 PHP remote code execution vulnerability affecting Windows systems is currently being exploited on a large scale. This flaw allows unauthenticated attackers to compromise systems completely through PHP running in CGI mode. Recent attacks have expanded globally, targeting numerous countries, with evidence of persistent threats and varied malicious intentions behind the exploitation.

Affected: Windows systems using PHP in CGI mode

Key points:

  • The vulnerability was patched in June 2024, yet exploitation attempts surged shortly after the release of the fix.
  • Attacks have been observed targeting not just Japan but also the United States, Singapore, Germany, and China.
  • Exploitation activities suggest attackers aim to establish persistence and deploy various malicious tools following initial breaches.

Source: https://www.bleepingcomputer.com/news/security/critical-php-rce-vulnerability-mass-exploited-in-new-attacks/