Vulnerability Found in MTA Exim, Could Impact More Than 4.1M Email Systems (Jun 7, 2019)
The remote command execution vulnerability, registered as “CVE-2019-10149,” has been discovered in older versions of mail transfer agent (MTA) Exim, a critical, open source piece of the email infrastructure in many organizations. Present in Exim version 4.87 through 4.91, the vulnerability could allow an attacker to execute commands as root, with no privilege escalation required. Researchers at Qualys have found more than 4.1 million systems are potentially vulnerable to the flaw. According to researchers at Tenable, no exploits have been seen in the wild, though they expect at least proof-of-concept exploits to appear in the near future. A patch has since been released for the vulnerability.
Recommendation: Your company should regularly check the software you use in everyday business practices to ensure that everything is always up-to-date with the latest security features. It is crucial to apply security patches when they become available, because once proof-of-concept code for exploits is made available in public sources, threat actors often increase their targeting of vulnerable systems.
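One way to act on the version range given above is to triage collected `exim -bV` output or SMTP greeting lines against it. The following is an added example, not code from the article or from the Exim project; the hostnames and banner lines are constructed, and the function names are hypothetical.

```python
import re

# Affected range as stated in the article: Exim 4.87 through 4.91 inclusive.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Matches "Exim version 4.89 #2 built ..." (exim -bV output) and
# "220 host ESMTP Exim 4.90_1 ..." (SMTP greeting). Exim writes point
# releases with an underscore (4.90_1), so accept "_" or "." there.
_VERSION_RE = re.compile(
    r"\bExim(?:\s+version)?\s+(\d+)\.(\d+)(?:[._](\d+))?", re.I)


def parse_exim_version(line):
    """Return (major, minor, patch) from a banner or -bV line, or None."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(line):
    """Classify one line as 'affected', 'not-affected' or 'unknown'."""
    version = parse_exim_version(line)
    if version is None:
        return "unknown"  # banner hidden or not Exim: needs a manual check
    # Only major.minor decides: 4.90_1 is still inside 4.87-4.91.
    if AFFECTED_MIN <= version[:2] <= AFFECTED_MAX:
        return "affected"
    return "not-affected"  # outside the range the article gives


def triage(inventory):
    """Map each (host, line) pair to its classification."""
    return {host: classify(line) for host, line in inventory}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = [
    ("mx1.example.test", "220 mx1.example.test ESMTP Exim 4.89 Fri, 07 Jun 2019 10:00:00 +0000"),
    ("mx2.example.test", "Exim version 4.92 #3 built 12-Feb-2019 09:00:00"),
    ("mx3.example.test", "220 mx3.example.test ESMTP Exim 4.90_1 Fri, 07 Jun 2019 10:00:01 +0000"),
    ("mx4.example.test", "Exim version 4.86_2 #1 built 01-Mar-2016 12:00:00"),
    ("mx5.example.test", "220 mx5.example.test ESMTP ready"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

An "affected" result means the upstream version number falls in the stated range; distribution packages can carry a backported fix under the same upstream number, so confirm against the package changelog before treating a host as unpatched.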
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.