Threat: New bug puts 400K servers at risk

A new threat is exposing more than 400,000 servers to malicious activity.

Threat: Versions of the open-source Exim message transfer agent are vulnerable. Exim runs on at least 56% of all publicly accessible mail servers on the Internet.

Damage risk: The flaw allows the program to be tricked into running malicious code by remote hackers. It could also be used in a denial-of-service attack.

Exploited flaw: A buffer overflow in Exim's handling of base64 authentication can be triggered by a booby-trapped mail message, which then allows bad actors to run arbitrary code remotely.

Fixes/Workarounds: Exim released a security update (version 4.90.1), but many haven’t installed the patch. An estimated 400,000 servers are still at risk, so update your version of Exim to stay secure.
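As an added example (not from the article or the Exim project), the following script classifies an Exim version string against the fixed release named above, 4.90.1. It assumes the version appears after the word "Exim" in the first line of `exim -bV` output or in an SMTP greeting, possibly written with an underscore (4.90_1); the sample lines and helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an Exim version string with the fixed release 4.90.1.
FIXED="4.90.1"

# Pull the version token out of a banner or -bV line; normalize 4.90_1 -> 4.90.1.
exim_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*Exim \(version \)\{0,1\}\([0-9][0-9._]*\).*/\2/p' |
        head -n 1 | tr '_' '.' | sed 's/\.$//'
}

# Return 0 if version $1 is lower than version $2, comparing numeric fields
# left to right and treating a missing field as 0 (so 4.90 < 4.90.1).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Print "<version> vulnerable", "<version> patched", or "unknown".
exim_status() {
    v=$(exim_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED"; then
        echo "$v vulnerable"
    else
        echo "$v patched"
    fi
}

# Constructed sample lines (not real hosts): banners and -bV header lines.
while IFS= read -r line; do
    exim_status "$line"
done <<'EOF'
220 mail.example.test ESMTP Exim 4.89 Tue, 06 Mar 2018 10:00:00 +0000
Exim version 4.90 #2 built 20-Dec-2017 09:00:00
Exim version 4.90_1 #1 built 10-Feb-2018 12:00:00
220 mx.example.test ESMTP Postfix
EOF
```

To check a local install, pass it the first line of `exim -bV`. Treat a "vulnerable" result as a prompt to check the vendor advisory, since distribution packages can carry a backported fix without changing the upstream version number.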

