Itpa webheader

Exim vulnerability now being exploited


By Dylan Bushell-Embling
Monday, 17 June, 2019


Exim vulnerability now being exploited

The Exim vulnerability that potentially affects more than half the world's mail servers is now actively being exploited in attacks.

Microsoft issued a security alert on Friday detailing a newly discovered worm targeting Linux Exim email servers running the vulnerable versions — 4.87 to 4.91.

The worm has also infected some customers running virtual machines on Azure servers. Microsoft said Azure has controls in place to help limit the spread of the worm, but customers using the vulnerable software could still be susceptible to infection.

Microsoft is urging customers to restrict access to virtual machines running older versions of Exim, and to upgrade to the newest Exim 4.92 version right away.

An estimated 57% of the internet’s email servers are Exim servers, according to Cybereason.

The security company said in a blog post that the vulnerability appears to have been used by at least two hacking groups in separate rounds of attack.

According to reports, the first wave of attacks commenced on 9 June, when a hacking group started pushing exploits from a command and control server on the open web. The second wave of attacks involved the use of a private authentication key installed on the target machine for root authentication.

Image credit: ©xiaoliangge/Dollar Photo Club

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.

Related News

Neglecting IT training can have "astronomical" costs

Failing to provide IT employees with quality training can cause significant costs for businesses,...

BlueKeep exploit released into the wild

An exploit for the BlueKeep Windows vulnerability has been released by the open source Metasploit...

Government seeks feedback on cybersecurity strategy

The Australian Government is seeking feedback on a new cybersecurity strategy to help businesses...


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd