Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

Photograph depicts a security scanner extracting virus from a string of binary code. Hand with the word "exploit"

Enlarge (credit: Getty Images)

The output of PHP servers infected by TellYouThePass ransomware.

The output of PHP servers infected by TellYouThePass ransomware. (credit: Censys)

The accompanying ransom note.

The accompanying ransom note. (credit: Censys)

When opportunity knocks

The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to convert user-supplied input into characters that pass malicious commands to the main PHP application. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012.

Read 11 remaining paragraphs | Comments

Article Tags:
Article Categories:
Technology