By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft issued a warning over the weekend about an active Linux worm that is targeting a recently disclosed Linux Exim mail server vulnerability. Though existing mitigations exist to block the worm functionality of this infection, Microsoft states that Azure servers can still be infected or hacked through this vulnerability. Exim is a very popular mail server software, or message transfer agent (MTA), that is used to send and receive an email for its users. Recently, the CVE-2019-10149 vulnerability was discovered in Exim 4.87 to 4.91 that allows attackers to remotely execute commands on a vulnerable server. Last week, Amit Serper of CyberReason discovered an active worm utilizing this vulnerability to infect Linux servers running Exim with cryptocurrency miners. The worm would then utilize the infected server to search for other vulnerable hosts to infect. In an article posted Saturday, the Microsoft Security Response Center (MSRC) confirms that they have detected this worm targeting Azure customers. "This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91," stated a blog post by  JR Aquino, a Microsoft manager in Azure Incident Response. "Azure customers running VMs with Exim 4.92 are not affected by this vulnerability," Microsoft warns, though, that even though the worm functionality is being mitigated, it does not mean that vulnerable Azure server is protected from the remote code execution vulnerability and could still be infected or hacked. Complete details are posted on OUR FORUM.

 

GTranslate