Author Topic: Millions of Exim Mail Servers Are Currently Being Attacked  (Read 63 times)

Offline Antus67

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3986
    • View Profile
Millions of Exim Mail Servers Are Currently Being Attacked
« on: June 14, 2019, 03:22:29 am »
Author: Sergiu Gatla

Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root access via SSH to the exploited machines according to security researchers.

The flaw tracked as CVE-2019-10149 and named "The Return of the WIZard" by Qualys, the research outfit which discovered it, makes it possible for attackers to remotely run arbitrary commands as root — in most cases — on exposed servers after exploitation.

When we first reported about the critical severity vulnerability found in Exim versions 4.87 to 4.91, a quick Shodan search showed that vulnerable versions of Exim were running on more than 4,800,000 machines, with roughly 588,000 servers having already installed the patched Exim 4.92 release.

full article here:

Windows Defender
VoodooShield 5.01
Trojan Remover