versions

A critical vulnerability has been found in millions of Exim servers that, once exploited, can enable a potential attacker to run arbitrary code with root privileges. All versions of Exim servers up to and including 4.92.1 that accept TLS connections are vulnerable, according to the Exim team. “The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC,” wrote Exim in a recent advisory. On September 4, the Exim team published a warning on the OSS Security mailing list about the security bug affecting Exim. On Friday, the team released version 4.92.2 to address the critical issue. This vulnerability in the Exim server (CVE-2019-15846) was discovered in July by a security researcher called “Zerons”. It allows an unauthenticated attacker to take advantage of the TLS ServerName Indicator and use this to send malicious code to servers that accept TLS connections. The Exim software is a mail…

While hardening the security of Remote Desktop Services, Microsoft's security team found a couple of new critical Remote Code Execution (RCE) vulnerabilities. The new vulnerabilities, CVE-2019-1181 and CVE-2019-1182, are also wormable, like the recently fixed BlueKeep vulnerability. This means that future malware that exploits these vulnerabilities can propagate from one vulnerable system to another without any user interaction. According to Microsoft, the following versions of Windows are affected by the newly discovered vulnerabilities: Windows 7 SP1; Windows Server 2008 R2 SP1; Windows Server 2012; Windows 8.1; Windows Server 2012 R2; and all supported versions of Windows 10, including server versions. The tech giant mentioned that the Remote Desktop Protocol (RDP) itself isn’t affected. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected by the new wormable vulnerabilities. The previously patched BlueKeep vulnerability also exists in the RDP…

At the DEF CON 27 security conference in Las Vegas, the Eclypsium security research team uncovered serious security flaws in more than 40 device drivers from 20 different vendors. These flaws could allow attackers to deploy malware on the vulnerable devices. “Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host,” Eclypsium wrote in its report. These drivers can give an attacker the most privileged access, which can be used to launch malicious actions within all versions of Windows, including the Windows kernel. All the affected drivers are certified by Microsoft. In a statement to ZDNet, Mickey Shkatov, Principal Researcher at Eclypsium, noted that the design flaw in Windows device drivers has a functionality that can be misused to…

Last month, Microsoft released fixes for a critical Remote Code Execution vulnerability (CVE-2019-0708), called BlueKeep. This vulnerability was found in Remote Desktop Services, affecting some older versions of Windows. The tech giant has now warned that an exploit exists for this vulnerability. According to an internet-scale port scanner, nearly one million devices on the public internet are vulnerable to BlueKeep. “Future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” wrote Microsoft in a blog post. Which versions of Windows are affected by the BlueKeep vulnerability? The following Windows systems are vulnerable to CVE-2019-0708 BlueKeep: Windows 2003, Windows XP, Windows 7, Windows Server 2008 R2, and Windows Server 2008. Users of Windows 8 and Windows 10 are not affected by this vulnerability. How can the BlueKeep vulnerability affect users? If a vulnerable…

The prominent database provider MariaDB has unveiled a new enterprise-grade server to provide high stability and security for mission-critical applications. Announced at the MariaDB OpenWorks conference in New York, the new MariaDB Enterprise Server comes with influential auditing and faster, reliable backups for large databases. It will provide end-to-end encryption for all the data in MariaDB clusters, so that production workloads can’t be compromised by anyone. Enterprises currently use MariaDB Community Server for specific demands. The features available with the new MariaDB Enterprise Server are not available with Community Server. To allow customers on older releases to access new features, the company has backported the new server to earlier supported versions. MariaDB Enterprise Server aims to provide a strengthened database solution to organizations for production-grade environments. It will assure quality and test performance at scale for enterprise applications. “We’re…

SOUTHFIELD, MICH. – Future Hosting, a managed server hosting provider, has warned server hosting clients that PHP 5.6 and PHP 7 will not receive security updates after the end of 2018. Servers running unsupported versions of PHP are at risk if vulnerabilities are discovered after that date.

PHP is the most common server-side language on the web. Many of the most popular content management systems and eCommerce applications use PHP, including WordPress, WooCommerce, Joomla, Magento, Drupal, and more. Almost 80% of websites use some version of PHP. In spite of its upcoming end-of-life, PHP 5.6 remains the most widely used version of PHP, with around 60% of websites using PHP 5.6 today.


PHP’s developers will not support PHP 5.6 after December 31, 2018. PHP 7 reaches the end of its life earlier, on December 3, 2018. That means there will be no further work on either version. Bugs will not be fixed and security vulnerabilities will not be patched.

Support for PHP 5.6 was initially planned to end early last year. The deadline was extended because of its popularity. But December is the end of the line — there will be no further extensions.

“As a server hosting provider, we host thousands of WordPress sites and other sites built on PHP and PHP frameworks,” said Maulesh Patel, VP of Operations of Future Hosting. “We’re concerned that a large percentage of the web will run on an unsupported platform. Bad actors will scrutinize PHP 5.6, and the vulnerabilities they discover will not be patched.”

Many site owners, developers, and hosting providers are reluctant to update to the newest version of PHP. The upgrade process can be time-consuming and may cause issues for busy production sites. Vulnerabilities in PHP itself are rarely to blame for security problems, but running unsupported software is always a risk.

Many content management systems will continue to support PHP 5.6 past its official end of life. WordPress still supports PHP 5.2, which was officially retired eight years ago. It is important to note that CMS support refers to backward compatibility, not to security support. Although content management systems will run on unsupported versions of PHP, they will not be protected from any vulnerabilities in those versions.

About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com
