Home » News » Linux worm infects Azure installations through Exim vulnerability

Linux worm infects Azure installations through Exim vulnerability

Microsoft warned users about a new worm for Linux that spreads through Exim mail servers. According to experts, malware has already compromised a number of Azure installations.

As it was discovered last week, cybercriminals are attacking millions of mail servers with an Exim client installed through CVE-2019-10149 vulnerability.

The problem affects Exim versions from 4.87 to 4.91 and allows an unauthorized attacker remotely executing arbitrary commands on mail servers with certain (non-factory) configuration settings. Although the vulnerability was fixed in February of this year with the release of Exim 4.92, many servers are still vulnerable.

«MSRC (Microsoft Security Response Center) confirmed presence of an active worm for Linux, which uses the critical remote execution vulnerability CVE-2019-10149 in Linux Exim mail servers with Exim versions from 4.87 to 4.91. The vulnerability does not affect Azure users with Exim 4.92 version installed on virtual machines”, – according to a Microsoft notification.

In order to protect itself against possible cyberattacks, company strongly recommends that users update their operating systems on their Azure virtual machines.

There is a partial mitigation for affected systems that can filter or block network traffic via Network Security Groups (NSGs). The affected systems can mitigate Internet-based ‘wormable’ malware or advanced malware threats that could exploit the vulnerability. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker’s IP Address is permitted through Network Security Groups.

“It is for these reasons that we strongly advise that all affected systems – irrespective of whether NSGs are filtering traffic or not – should be updated as soon as possible”, — insist Microsoft specialists.

Source: https://blogs.technet.microsoft.com

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Graboid Spreads Through Docker Containers

Graboid mining worm spreads through Docker containers

Palo Alto Networks experts have discovered the strange crypto-jacking worm Graboid, which spreads through the …

Attackers use Checkm8 jailbreak

Attackers actively use the fresh Checkm8 jailbreak for their own purposes

Cisco Talos experts warned users that attackers are actively using Checkm8 jailbreak. At the end …

Leave a Reply