Unlike other firms, Megaplan-IT's mission is to build long-lasting partnerships with our clients that improve the security and compliance assessment process and lower costs year after year.
In response to two known website vulnerabilities, one of which is being actively exploited by hackers, the PHP Group released PHP 5.4.3 and PHP 5.3.13 yesterday. The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311).
Although this issue has been known since last week, initial patches were ineffective and the manual workaround suggested by the PHP developers when releasing the emergency updates was easy to bypass as well. The situation only got worse once the hackers joined in the fun...
After the first round of patches failed, various monitoring and security firms, such as Sucuri, reported that hackers were suddenly and actively trying to exploit the vulnerability. The attackers first send a malicious query that includes the "-s" php-cgi flag to test if the targeted websites are vulnerable and then proceed to install a backdoor through a query with the "-d" flag. These attacks were ongoing while PHP was simultaneously working to correct the problem.
Megaplan-IT recommends that all Web and server admins who run PHP through php-cgi immediately update to the new PHP 5.4.3 or PHP 5.3.13. An alternative fix is to modify your setup so that PHP runs through the Apache PHP module (mod_php) or FastCGI, neither of which is affected.
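To check whether a server saw the "-s" probe followed by a "-d" request described above, an access log can be scanned for query strings that decode to a php-cgi flag. The following is an added example, not code from the PHP Group or the firms named here; it assumes combined-format access logs, and the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line of a combined-format log entry that carries a query string.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<path>[^ ?"]+)\?(?P<query>[^ "]*) HTTP/[\d.]+"')
# A command-line style switch at the very start of the decoded query.
FLAG_RE = re.compile(r"^\s*-([A-Za-z])")
LABELS = {"s": "probe (-s)", "d": "backdoor attempt (-d)"}

# Constructed sample entries (documentation IP ranges, placeholder setting name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "POST /index.php?-d+some_setting%3Dvalue HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [01/Jan/2000:10:01:00 +0000] "GET /index.php?page=2&sort=-date HTTP/1.1" 200 834 "-" "-"',
    '198.51.100.8 - - [01/Jan/2000:10:02:00 +0000] "GET /info.php?%2Ds HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.9 - - [01/Jan/2000:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 311 "-" "-"',
]

def classify(line):
    """Return a label if the query decodes to a leading flag, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Decode first so that %2D and '+' encodings do not hide the flag.
    flag = FLAG_RE.match(unquote_plus(m.group("query")))
    if not flag:
        return None
    return LABELS.get(flag.group(1), "other php-cgi flag")

def scan(lines):
    """List (client_ip, label, path) for every suspicious request."""
    hits = []
    for line in lines:
        label = classify(line)
        if label:
            hits.append((line.split()[0], label, REQUEST_RE.search(line).group("path")))
    return hits

def escalated_clients(hits):
    """Clients that sent a -s probe and later a -d request, in log order."""
    probed, escalated = set(), []
    for ip, label, _ in hits:
        if label == LABELS["s"]:
            probed.add(ip)
        elif label == LABELS["d"] and ip in probed and ip not in escalated:
            escalated.append(ip)
    return escalated

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A client returned by `escalated_clients` warrants a check of the web root for files created around the time of the "-d" request.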