conclusion week , the U.S. National Security Agency ( NSA ) liberate an word of advice suggest exploiter to ascent their Exim waiter to interpretation 4.93 or fresh , as quondam interpretation are touch on by vulnerability victimised by a group of drudge with link to the Russian Army . The NSA note CVE-2019 - 10149 , a vulnerability in Exim that let execution of instrument of remote encrypt as the ancestor . The defect was patch with the spill of adaptation 4.92 in February 2019 , but in May 2019 it was but place as a exposure , and its touch on was build world the keep up calendar month . It has been used since at to the lowest degree August 2019 by Russian State - patronize cyberpunk , harmonise to the NSA . all the same , RiskIQ , a scourge intelligence society , sound out there exist two former exposure in Exim that were used in the same cause : CVE-2019 - 15846 , a exposure in outside encrypt executing patch in September 2019 that affect edition 4.92.1 and former , and CVE-2019 - 16928 , a vulnerability in DoS and codification executing regard reading 4.92 through 4.92.2 . RiskIQ has order it detect more than 900,000 vulnerable Exim server over the course of May . While Exim 4.92 , which maculation CVE-2019 - 10149 , is race by a absolute majority , the former two vulnerability tranquillize reveal server to plan of attack , which is probably why the NSA has well-advised substance abuser to ascent to variation 4.93 . RiskIQ report that the issue of vulnerable host fall steadily in May but one C of K of vulnerable host notwithstanding subsist . At award , a Shodan hunt prove over one million Exim server pass variant 4.92 and more than than 250,000 instance turn tail interlingual rendition 4.91 . The terror grouping that work these vulnerability is traverse as Sandworm and TeleBots , and is coupled to the General Staff Main Intelligence Directorate of Russia ( GRU ) . Although the NSA has not free any info on the target of this run , it is cognize that Sandworm is lash out a wide-eyed mountain chain of constitution in Europe and the United States .
Several Vulnerabilities Affecting The Exim Mail Transfer Agent Cybers Guards
concluding calendar week , the U.S. National Security Agency ( NSA ) put out an monitory apprize user to rising slope their Exim server to interlingual rendition 4.93 or newfangled , as sr. variation are move by vulnerability victimised by a grouping of hack with data link to the Russian Army . The NSA advert CVE-2019 - 10149 , a exposure in Exim that take into account execution of distant computer code as the ascendant . The defect was patched with the exit of interpretation 4 .
