![Photograph depicts a security scanner extracting virus from a string of binary code. Hand with the word "exploit"](https://investologics.com/wp-content/uploads/2024/06/ransomware-attackers-quickly-weaponize-php-vulnerability-with-9-8-severity-rating.jpg)
Enlarge (credit: Getty Images)
![The output of PHP servers infected by TellYouThePass ransomware.](https://investologics.com/wp-content/uploads/2024/06/ransomware-attackers-quickly-weaponize-php-vulnerability-with-9-8-severity-rating.webp)
The output of PHP servers infected by TellYouThePass ransomware. (credit: Censys)
![The accompanying ransom note.](https://investologics.com/wp-content/uploads/2024/06/ransomware-attackers-quickly-weaponize-php-vulnerability-with-9-8-severity-rating-1.webp)
The accompanying ransom note. (credit: Censys)
When opportunity knocks
The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to convert user-supplied input into characters that pass malicious commands to the main PHP application. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012.
Read 11 remaining paragraphs | Comments
Article Tags:
featuredArticle Categories:
Technology