Vulnerabilities in Exim mail servers leaving UK firms exposed to hackers

The National Cyber Security Centre has asked UK organisations to upgrade their Exim mail servers immediately, as several security vulnerabilities in servers running Exim versions 4.87 to 4.92.2 allow hackers to gain root access or carry out malicious code injection.

NCSC said that around 174,000 Exim mail servers located within the UK and used by organisations have not been updated to version 4.92.3, and that servers running versions 4.87 to 4.92.2 contain several exploitable vulnerabilities, such as CVE-2019-10149, CVE-2019-15846, and CVE-2019-16928.

These vulnerabilities expose organisations to remote command execution; allow attackers to send a malicious Server Name Indication (SNI) during a TLS transfer, which in turn allows for malicious code injection; and allow attackers to either crash servers or execute remote code on them.

Organisations are not pro-active about updating Exim mail servers: NCSC

"Due to the number of Exim devices in the UK that are currently not updated to version 4.92.3, it is likely that many organisations are not proactively keeping up to date with the latest patches ensuring their infrastructure is protected from attack.

"Although these vulnerabilities have primarily been exploited to carry out crypto-currency mining, it is likely that they could be used for further exploitation of, and lateral movement within, enterprise networks. The NCSC recommends that organisations update Exim to software version 4.92.3 as soon as possible," the cyber security watchdog said.

The CVE-2019-10149 vulnerability, which was first recognised in June this year, allows attackers to compromise devices by executing code remotely on an Exim mail server. By exploiting this flaw, attackers have been carrying out crypto-jacking/crypto-mining campaigns on a regular basis.

Copyright Lyonsdown Limited 2021
