America’s Multi-State Information Sharing & Analysis Center is operated in collaboration with the Department of Homeland Security’s Office of Cybersecurity and Communications — and they’ve got some bad news.
MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable… The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates.
But meanwhile, Threatpost reported this week that 62% of the world’s web sites are still running PHP version 5 — even though its end of life is December 31st. “The deadlines will not be extended, and
Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Zw8HDBZUn1Y/as-php-group-patches-high-risk-bugs-62-of-sites-still-use-php-5