There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port.
Since there is no patch available for this vulnerability yet, you might want to do the following:
Block any file upload function in your php applications to avoid risks of exploit code execution.
Use your IPS to filter known shellcodes like the ones included in metasploit.
Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336 registered at the beginning of the month.
Use your HIPS to block any possible buffer overflow in your system.
Manuel Humberto Santander Pelez
SANS Internet Storm Center - Handler
e-mail: msantand at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.