The PHP development team has released the latest version in the PHP 5.2.x series today - version 5.2.6:
This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release. Further details about the PHP 5.2.6 release can be found in the release announcement for 5.2.6, the full list of changes is available in the ChangeLog for PHP 5.
Security updates include prevention of a buffer overflow in FastCGI mode, an integer overflow in printf, correction for a safe_mode bypass method in cURL and the bundling of PCRE 7.6 to update the regular expression functionality of the language.
You can grab this latest release from the downloads page on PHP.net (or your favorite mirror) - both the source and the Windows binaries.