The Ulobby Platform is unaffected.
What is the vulnerability?
News reports posted on June 7, 2024 disclosed a new PHP for Windows remote code execution (RCE) vulnerability affecting all releases since version 5.x and potentially impacting a massive number of servers worldwide (https://www.bleepingcomputer.com/news/security/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows/).
Is Ulobby impacted?
Upon becoming aware of the potential impact, Ulobby initiated an investigation to determine whether the vulnerable versions were deployed on Ulobby servers. This investigation was concluded on June 8th and found no usage of the vulnerable software; no action is required for Ulobby customers.
The vulnerability is related to encoding conversion within the Windows operating system. As none of our systems run on Windows, they are not affected, and we are positive that the vulnerability does not have implications for our customer data.
As a security precaution, we have deployed firewall rules to block attempts to use the vulnerability and/or scans of our network for exposure to the vulnerability. When triggered, the rules are used to identify and block malicious actors (honeypot). Note that if you run scans against our systems, you should do so from a different network than the one your users are on.
Do I need to do anything?
Customers do not need to take any action.
We have concluded our research of this vulnerability.