Hi, cheers Alex
as it happens dev5 is just around the corner with 1.3.24 (now .26
) & apaxhe2.0.36 (now .39) so I will not be doing anything as such about existing versions except send an advisory to those who choose to receive notification when downloading phpdev & I will put a note on the site as well.
on windows unless you have MSVCC etc applying a patch is not an option and a full upgrade of the server is required.
dev5 is structured differently in that it will be possible in the future to 'upgrade' rather than download everything and start again so issues like this should not be such a pain in the butt.
As for the exploit itself... I have had a grope around and have yet to find an example of the exploit at kiddie level although I am sure it will turn up eventually - security-space reckon a couple of days for the pros