Nasty bug with very simple exploit hits PHP just in time for the weekend
![Nasty bug with very simple exploit hits PHP just in time for the weekend](https://cdn.arstechnica.net/wp-content/uploads/2023/07/exploit-vulnerability-security-800x450.jpg)
A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take action before the weekend starts.
Within 24 hours of the vulnerability and accompanying patch being published, researchers from the nonprofit security organization Shadowserver reported Internet scans designed to identify servers that are susceptible to attacks. Thatβcombined with (1) the ease of exploitation, (2) the availability of proof-of-concept attack code, (3) the severity of remotely executing code on vulnerable machines, and (4) the widely used XAMPP platform being vulnerable by defaultβhas prompted security practitioners to urge admins check to see if their PHP servers are affected before starting the weekend.
When βBest Fitβ isn't
βA nasty bug with a very simple exploitβperfect for a Friday afternoon,β researchers with security firm WatchTowr wrote.