Vulnerabilities in Exim mail servers leaving UK firms exposed to hackers

The National Cyber Security Centre (NCSC) has asked UK organisations to upgrade their Exim mail servers immediately, because several security vulnerabilities in servers running Exim versions 4.87 to 4.92.2 allow hackers to gain root access or carry out malicious code injection.

NCSC said that around 174,000 Exim mail servers located within the UK and used by organisations have not been updated to version 4.92.3. Servers running versions 4.87 to 4.92.2 contain several exploitable vulnerabilities, including CVE-2019-10149, CVE-2019-15846, and CVE-2019-16928.

These vulnerabilities expose organisations to remote command execution; allow attackers to send a malicious Server Name Indication (SNI) during a TLS transfer, which in turn allows malicious code injection; and allow attackers to either crash servers or execute remote code on them.

Organisations are not pro-active about updating Exim mail servers: NCSC

“Due to the number of Exim devices in the UK that are currently not updated to version 4.92.3, it is likely that many organisations are not proactively keeping up to date with the latest patches ensuring their infrastructure is protected from attack.

“Although these vulnerabilities have primarily been exploited to carry out crypto-currency mining, it is likely that they could be used for further exploitation of, and lateral movement within, enterprise networks. The NCSC recommends that organisations update Exim to software version 4.92.3 as soon as possible,” the cyber security watchdog said.

The CVE-2019-10149 vulnerability, which was first recognised in June this year, allows attackers to compromise devices by executing code remotely on an Exim mail server. By exploiting this flaw, attackers have been carrying out crypto-jacking/crypto-mining campaigns on a regular basis.
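For administrators taking inventory, the sketch below (an added example, not part of the NCSC advisory or the Exim project) classifies Exim version strings against the range quoted in this article, 4.87 to 4.92.2, with 4.92.3 as the fixed release. The sample lines are constructed; they follow the shape of `exim -bV` output and SMTP greeting banners, and the function names are illustrative.

```python
import re

# Range and fixed release as stated in the article above.
FIRST_AFFECTED = (4, 87, 0)
LAST_AFFECTED = (4, 92, 2)
FIXED_RELEASE = "4.92.3"

# Matches "Exim version 4.92.2 #3 built ..." (exim -bV) and
# "220 host ESMTP Exim 4.90_1 ..." (SMTP greeting; some builds use "_").
_VERSION_RE = re.compile(
    r"\bExim(?: version)? (\d+)\.(\d+)(?:[._](\d+))?", re.IGNORECASE
)

def parse_exim_version(line):
    """Return (major, minor, patch) or None if no Exim version is present."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(line):
    """Classify one banner or version line against the article's range."""
    version = parse_exim_version(line)
    if version is None:
        return "unknown"
    if version < FIRST_AFFECTED:
        # The article makes no statement about releases before 4.87.
        return "older-than-range"
    if version <= LAST_AFFECTED:
        return "affected"
    return "fixed-or-newer"

# Constructed sample input, one line per host.
SAMPLE_LINES = {
    "mx1.example.test": "Exim version 4.92.2 #3 built 10-Sep-2019 12:00:00",
    "mx2.example.test": "220 mx2.example.test ESMTP Exim 4.90_1 Ubuntu",
    "mx3.example.test": "Exim version 4.92.3 #2 built 01-Oct-2019 09:30:00",
    "mx4.example.test": "220 mx4.example.test ESMTP Postfix",
}

def audit(lines):
    """Return the hosts whose reported version needs the upgrade."""
    return sorted(h for h, line in lines.items() if classify(line) == "affected")

if __name__ == "__main__":
    for host in audit(SAMPLE_LINES):
        print(f"{host}: upgrade to Exim {FIXED_RELEASE}")
```

A version string alone is not conclusive, because distribution packages can carry backported fixes under an older upstream version number; confirm against the vendor's package changelog.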

Copyright Lyonsdown Limited 2021
