The PHP library included to OfficeScan (OSCE) 10.6 is version 3.5.3 and is vulnerable to the following security issues reported in 2011:
This security issue is the latest one that requires an update to 5.3.16: http://secunia.com/advisories/47806/.
To resolve the issue, update the PHP version to 5.3.16. Choose the option below that applies:
- Install IIS and make sure the cgi has been selected.
- Download and install PHP 5.3.16.
Download PHP 5.3.16 Non Thread Safe package (44.61 MB) with sha1: 74e4e6ed83b6b14c3c7af6b10281885d77196e75.
- Install OSCE 10.6.
- Install PHP 5.3.28. IIS needs to use the version php-5.3.28-nts-Win32-VC9-x86.
- On the Web Server Setup window, select IISFastCGI and then click Next.
- Select the following extensions:
- PHP_MBSTRING(Multi-Byte String)
- Go to Fresh Open Source Software Archive and download ext/php_com_dotnet.dll.
- Copy php_com_dotnet.dll to C:\Program Files (x86)\PHP\ext.
- Modify PHP.ini under C:\Program Files (x86)\PHP by adding the following at the bottom:
- Restart IIS.