Threat: New bug puts 400K servers at risk

A new threat is exposing more than 400,000 servers to malicious activity.

Threat: Versions of the open-source Exim message transfer agent are vulnerable. Exim runs on at least 56% of all publicly accessible mail servers on the Internet.

Damage risk: The flaw allows the program to be tricked into running malicious code by remote hackers. It could also be used in a denial-of-service attack.

Exploited flaw: The buffer overflow in the handling of base64 authentication can be used to send a boobytrapped mail message that then allows bad actors to run arbitrary code remotely.

Fixes/Workarounds: Exim released a security update (version 4.90.1), but many haven’t installed the patch. An estimated 400,000 servers are still at risk, so update your version of Exim to stay secure.

Info: tinyurl.com/exim313

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy