Subj : Exim mail servers left open to zero-day attacks for over a year
To   : All
From : TechnologyDaily
Date : Mon Oct 02 2023 17:45:04

Exim mail servers left open to zero-day attacks for over a year

Date: Mon, 02 Oct 2023 16:32:09 +0000

Description: More than a million servers were exposed for more than a year, with no patch made available.

FULL STORY
======================================================================

A major flaw in Exim's mail transfer agent (MTA) software has been detected that has gone without a patch for more than a year.

Researchers from Trend Micro's Zero Day Initiative were tipped off by an anonymous researcher in June last year about an out-of-bounds write weakness discovered in the SMTP service, BleepingComputer reported.

Exim is an MTA that runs in the background of email servers, and hackers can use it to run malware on vulnerable endpoints.

Used by Russian hackers

That vulnerability is being tracked as CVE-2023-42115, and can be used to crash software and corrupt valuable data, but more importantly - it can be used to run malicious code on vulnerable servers.

Exim was reportedly first notified about the flaw in June 2022, and then again in May 2023, but apparently to no avail. Given Exim's failure to address it, Trend Micro's Zero Day Initiative has now published an advisory describing the flaw and detailing its discussion with Exim over the months.

According to BleepingComputer, MTA servers like Exim are a popular target among hackers as they can be accessed remotely and used to move into the wider corporate network. It's also apparently the world's most popular MTA software, installed on more than 56% of 602,000 internet-connected mail servers (342,000). This is mostly because it comes bundled with many popular Linux distros, including Debian and Red Hat.

Three years ago, Sandworm (a Russian state-sponsored threat actor) was using a flaw found in Exim to infiltrate endpoints, the NSA warned at the time.
"The Russian actors, part of the General Staff Main Intelligence Directorate's (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker's dream access as long as that network is using an unpatched version of Exim MTA," the NSA said.

Via BleepingComputer

======================================================================
Link to news story: https://www.techradar.com/pro/security/exim-mail-servers-left-open-to-zero-day-attacks-for-over-a-year

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)