Itpa webheader

Exim vulnerability now being exploited

By Dylan Bushell-Embling
Monday, 17 June, 2019

Exim vulnerability now being exploited

The Exim vulnerability that potentially affects more than half the world's mail servers is now actively being exploited in attacks.

Microsoft issued a security alert on Friday detailing a newly discovered worm targeting Linux Exim email servers running the vulnerable versions — 4.87 to 4.91.

The worm has also infected some customers running virtual machines on Azure servers. Microsoft said Azure has controls in place to help limit the spread of the worm, but customers using the vulnerable software could still be susceptible to infection.

Microsoft is urging customers to restrict access to virtual machines running older versions of Exim, and to upgrade to the newest Exim 4.92 version right away.

An estimated 57% of the internet’s email servers are Exim servers, according to Cybereason.

The security company said in a blog post that the vulnerability appears to have been used by at least two hacking groups in separate rounds of attack.

According to reports, the first wave of attacks commenced on 9 June, when a hacking group started pushing exploits from a command and control server on the open web. The second wave of attacks involved the use of a private authentication key installed on the target machine for root authentication.

Image credit: ©xiaoliangge/Dollar Photo Club

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to

Related News

Cryogenic chip step towards viable quantum computers

Inrel's new cryogenic control chip could bring us closer to a practical, commercially viable...

ITPA member survey — please participate!

We want your help to improve our member services, so please take two minutes to fill in our short...

Microsoft names next Windows 10 feature update

The company has released the Windows 10 Insider Preview Build 19033 in both the fast and slow...

  • All content Copyright © 2019 Westwick-Farrow Pty Ltd