Number: AL25-001
Date: March 12, 2025
Audience
This Alert is intended for IT professionals and managers.
Purpose
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.
Details
The Cyber Centre is aware of reports of ongoing and increased exploitation of CVE-2024-4577 (Footnotes 1, 2, 3), a critical remote code execution (RCE) vulnerability in the PHP-CGI implementation of PHP on Windows.
Windows-based PHP installations configured to use PHP-CGI are specifically at risk as the vulnerability exploits Unicode processing in the CGI module.
Threat actors are actively using this vulnerability. The Cyber Centre is not aware of any Canadian victims from this increased activity, but systems in Canada remain vulnerable despite the exploit proof-of-concept being available since June 2024.
Suggested Actions
Organizations should determine if they are at risk by verifying whether they are running vulnerable versions of PHP installed on Windows.
Organizations are advised to update to the following versions of PHP (Footnote 4):
- PHP 8.3 - update to 8.3.8 or later
- PHP 8.2 - update to 8.2.20 or later
- PHP 8.1 - update to 8.1.29 or later
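One way to triage a Windows host against the versions listed above, as an added example that is not Cyber Centre code: it classifies the first line of `php-cgi.exe -v` output by branch. The function name `Get-PhpPatchStatus`, the status labels and the sample banners are assumptions made for illustration; the check covers the version only, not whether the installation is configured to use PHP-CGI.

```powershell
# Added example. Fixed versions per branch are the ones listed in this Alert.
$FixedVersions = @{
    '8.3' = [version]'8.3.8'
    '8.2' = [version]'8.2.20'
    '8.1' = [version]'8.1.29'
}

function Get-PhpPatchStatus {
    # Hypothetical helper: takes the first line printed by `php-cgi.exe -v` or `php.exe -v`.
    param([Parameter(Mandatory)][string]$Banner)

    $version = $null; $branch = $null
    if ($Banner -notmatch '^PHP (\d+\.\d+\.\d+)(\S*)') {
        $status = 'Unparsed'
    } else {
        $version = [version]$Matches[1]
        $suffix  = $Matches[2]
        $branch  = '{0}.{1}' -f $version.Major, $version.Minor
        if (-not $FixedVersions.ContainsKey($branch)) {
            # Branch is not listed in the Alert: make no claim, flag for manual review.
            $status = 'BranchNotListed'
        } elseif ($suffix) {
            # RC/dev builds carry a suffix, so the number alone does not prove the fix is present.
            $status = 'PreReleaseReview'
        } elseif ($version -ge $FixedVersions[$branch]) {
            # [version] compares numerically, so 8.2.9 sorts below 8.2.20.
            $status = 'Patched'
        } else {
            $status = 'UpdateRequired'
        }
    }
    [pscustomobject]@{ Version = $version; Branch = $branch; Status = $status }
}

# Constructed sample banners, not taken from real hosts.
$sampleBanners = @(
    'PHP 8.3.7 (cgi-fcgi) (built: May  8 2024 08:56:56)',
    'PHP 8.2.20 (cgi-fcgi) (built: Jun  4 2024 15:20:11)',
    'PHP 8.1.9 (cgi-fcgi) (built: Aug  2 2022 14:02:10)',
    'PHP 8.3.8RC1 (cgi-fcgi) (built: May 21 2024 10:11:12)',
    'PHP 7.4.33 (cgi-fcgi) (built: Nov  2 2022 16:00:55)'
)
$sampleBanners | ForEach-Object { Get-PhpPatchStatus -Banner $_ } | Format-Table -AutoSize
```

To check a live host, pass the first line of the local `php-cgi.exe -v` output as `-Banner` instead of the sample strings.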
Organizations should also review and implement the Cyber Centre’s Top 10 IT Security Actions (Footnote 5) with an emphasis on the following topics:
- Consolidating, monitoring, and defending Internet gateways.
- Patching operating systems and applications.
- Isolating web-facing applications.
Determine if associated malicious activity has occurred in potentially vulnerable systems. Should this be the case, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.
Partner Reporting
Information provided by organizations not subject to the Official Languages Act is in the language(s) provided.