Adrian Johnson
TLDR:
- More than 1.5 million email servers are vulnerable to a critical security flaw in Exim mail transfer agent.
- The vulnerability, tracked as CVE-2024-39929, allows threat actors to bypass security protections and deliver executable attachments to user accounts.
A recent finding by security researchers highlights a critical vulnerability in the Exim mail transfer agent, impacting over 1.5 million email servers. This vulnerability, known as CVE-2024-39929, poses a significant risk with a severity rating of 9.1 out of 10. It allows attackers to bypass security mechanisms and deliver malicious executable attachments via email. The vulnerability affects all versions of Exim up to 4.97.1, and a fix is available in Release Candidate 3 of Exim 4.98.
While there have been no reports of active exploitation yet, the large number of vulnerable servers makes them potential targets for threat actors. Past incidents, such as the 2019 exploitation of a similar Exim vulnerability by the Kremlin-backed Sandworm group, serve as a reminder of the risks. Administrators are strongly advised to update their Exim installations to mitigate the risk of exploitation.
Steps to patch the vulnerability include identifying the specific vulnerability affecting the system, downloading the latest patch, backing up the system, and applying the patch following specific steps for Linux-based systems. By updating to the latest version of Exim, administrators can protect their systems against this and other vulnerabilities.
It is crucial for administrators to take proactive measures to secure their email servers and protect user accounts from potential attacks exploiting the Exim Mali Server Vulnerability.
