Exim vulnerability now being exploited
The Exim vulnerability that potentially affects more than half the world's mail servers is now actively being exploited in attacks.
Microsoft issued a security alert on Friday detailing a newly discovered worm targeting Linux Exim email servers running the vulnerable versions — 4.87 to 4.91.
The worm has also infected some customers running virtual machines on Azure servers. Microsoft said Azure has controls in place to help limit the spread of the worm, but customers using the vulnerable software could still be susceptible to infection.
Microsoft is urging customers to restrict access to virtual machines running older versions of Exim, and to upgrade to the newest Exim 4.92 version right away.
An estimated 57% of the internet’s email servers are Exim servers, according to Cybereason.
The security company said in a blog post that the vulnerability appears to have been used by at least two hacking groups in separate rounds of attack.
According to reports, the first wave of attacks commenced on 9 June, when a hacking group started pushing exploits from a command and control server on the open web. The second wave of attacks involved the use of a private authentication key installed on the target machine for root authentication.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
Don't miss ITPA's inaugural Breakfast Briefing, North Sydney, 14 August, where you'll...
linux.conf.au 2020 organisers have issued an invitation to IT professionals for proposals for...
Microsoft has reversed course on planned changes to its partner incentive program which would see...