The National Computer Emergency Response Team (NCERT) has issued an urgent advisory regarding critical security vulnerabilities discovered in the widely used computer programming language PHP.
The flaws primarily impact Windows systems operating in CGI mode, posing a significant security risk to users and institutions.
According to the advisory, the vulnerabilities could allow hackers to execute malicious code on affected systems, making them susceptible to unauthorized access, data breaches, and system failures.
Exploiting these flaws, attackers may install cryptocurrency miners, remote access Trojans (RATs), and other harmful software.
The advisory further warns that cybercriminals can launch attacks by executing suspicious Windows installer files and remote commands. Additionally, compromised systems may experience unauthorized modifications to firewall settings, increasing their exposure to further security threats.
To mitigate risks, NCERT has recommended that institutions and users immediately disable CGI mode on affected Windows systems. Other key security measures include restricting external access, implementing multi-factor authentication (MFA), and using strong passwords to prevent unauthorized entry.
Continuous monitoring of system logs and the use of endpoint security tools have also been advised as essential steps for ensuring cybersecurity.
Users have been urged to update PHP to its latest version without delay to patch the identified vulnerabilities and prevent potential exploits.
PHP, one of the most commonly used programming languages for web development, powers millions of websites worldwide. The discovery of these security flaws has raised concerns within the cybersecurity community, highlighting the need for proactive measures to safeguard digital infrastructure.
Authorities have stressed the importance of immediate action, warning that failure to address these vulnerabilities could lead to severe consequences, including data theft and operational disruptions.
