Exim Worm Found Targeting Azure Customers


Microsoft has issued a warning about an active Linux worm targeting a recently disclosed critical RCE vulnerability (CVE-2019-10149) in Linux Exim email servers.

CVE-2019-10149 is a Remote Code Execution flaw affecting Exim versions 4.87 to 4.91. The flaw allows remote attackers to execute commands on the target machine.

Security researcher Amit Serper of Cybereason recently discovered an active campaign leveraging the CVE-2019-10149 flaw to infect Linux Exim servers and gain remote control.

After infection, the worm searches the internet for other machines to infect and initiates a crypto miner.

Now Microsoft has confirmed Azure customers are targeted by this campaign.

“This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91”

Even though Microsoft has placed new restrictions to combat spam, which can limit the spread of this worm, MSRC warns that Azure servers are still vulnerable to this infection.

Microsoft advised affected customers to use Network Security Groups (NSGs) to filter or block traffic to their servers. But systems are still vulnerable to the flaw if the attacker's IP address is permitted through the Network Security Groups.

“Microsoft suggests that Azure customers utilize Network Security Groups (NSGs) to filter or block traffic to their servers. Aquino warns, though, that if the NSG contains a list of IP addresses that are permitted to access the server, these IP addresses could still be used to remotely execute commands on a vulnerable server.” said the advisory published by MSRC.

All Azure users are therefore advised to update their Exim mail servers to version 4.92 immediately.
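To find servers that still need the update, the version range above can be checked against the first line of `exim -bV` or an SMTP greeting. The script below is an added example, not code from Microsoft or the Exim project; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article, Microsoft or the Exim project.
# Range and fixed release are the ones the article states:
# affected 4.87 to 4.91, update to 4.92.

# Pull "MAJOR.MINOR" out of an `exim -bV` first line or an SMTP greeting.
exim_version_from_text() {
    printf '%s\n' "$1" |
        sed -n 's/.*Exim \(version \)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\).*/\2/p' |
        head -n 1
}

# Echo "in-range", "out-of-range" or "unknown" for one line of text.
classify_exim() {
    ver=$(exim_version_from_text "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Check the local binary if one is installed (exim -bV prints the version).
check_local_exim() {
    for bin in exim exim4; do
        if command -v "$bin" >/dev/null 2>&1; then
            classify_exim "$("$bin" -bV 2>/dev/null | head -n 1)"
            return 0
        fi
    done
    echo unknown
}

# Constructed sample lines (not captured from real hosts).
for line in \
    "Exim version 4.91 #3 built 05-Mar-2019 10:00:00" \
    "220 mail.example.test ESMTP Exim 4.87 Tue, 11 Jun 2019 09:00:00 +0000" \
    "Exim version 4.92 #2 built 01-Jun-2019 12:00:00" \
    "Exim version 4.86.2 #1 built 01-Jan-2017 08:00:00" \
    "220 mail.example.test ESMTP Postfix"
do
    printf '%-13s %s\n' "$(classify_exim "$line")" "$line"
done
```

Distribution packages can carry a backported fix under an unchanged upstream version number, so confirm an in-range result against the package changelog before treating the host as unpatched.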
