Microsoft Defender reports a vulnerability with the PHP component included with the Symantec Endpoint Protection Manager (SEPM). The following files are referenced in the report:

C:\program files (x86)\symantec\symantec endpoint protection manager\php\php.exe
C:\program files (x86)\symantec\symantec endpoint protection manager\php\php-cgi.exe
C:\program files (x86)\symantec\symantec endpoint protection manager\php\php-win.exe

The SEPM manager is NOT impacted by CVE-2022-37454 (since SHA3 and Keccak XKCP are not in use), but we still recommend you upgrade to 14.3 RU7 to take advantage of the changes.

14.3 RU7 includes the following component upgrades:

• PHP version is now updated to 8.0.27
• Curl version is 7.86.0
• zlib version is 1.2.13