Home » News » Linux worm infects Azure installations through Exim vulnerability

Linux worm infects Azure installations through Exim vulnerability

Microsoft warned users about a new worm for Linux that spreads through Exim mail servers. According to experts, malware has already compromised a number of Azure installations.

As it was discovered last week, cybercriminals are attacking millions of mail servers with an Exim client installed through CVE-2019-10149 vulnerability.

The problem affects Exim versions from 4.87 to 4.91 and allows an unauthorized attacker remotely executing arbitrary commands on mail servers with certain (non-factory) configuration settings. Although the vulnerability was fixed in February of this year with the release of Exim 4.92, many servers are still vulnerable.

«MSRC (Microsoft Security Response Center) confirmed presence of an active worm for Linux, which uses the critical remote execution vulnerability CVE-2019-10149 in Linux Exim mail servers with Exim versions from 4.87 to 4.91. The vulnerability does not affect Azure users with Exim 4.92 version installed on virtual machines”, – according to a Microsoft notification.

In order to protect itself against possible cyberattacks, company strongly recommends that users update their operating systems on their Azure virtual machines.

There is a partial mitigation for affected systems that can filter or block network traffic via Network Security Groups (NSGs). The affected systems can mitigate Internet-based ‘wormable’ malware or advanced malware threats that could exploit the vulnerability. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker’s IP Address is permitted through Network Security Groups.

“It is for these reasons that we strongly advise that all affected systems – irrespective of whether NSGs are filtering traffic or not – should be updated as soon as possible”, — insist Microsoft specialists.

Source: https://blogs.technet.microsoft.com

READ  The new version of the Dridex banker slipping from antiviruses
[Total: 0    Average: 0/5]

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Extenbro Trojan

Extenbro Trojan replaces DNS and blocks access to antivirus sites

Malwarebytes Labs specialists discovered Extenbro Trojan, which not only replaces DNS for displaying advertisements, but …

GandCrab master keys

FBI released master keys to decrypt all Gandcrab versions

The FBI has released master keys to decrypt files affected by Gandcrab ransomware versions 4, …

Leave a Reply