CyberNews Briefs

New RCE vulnerability impacts nearly half of the internet’s email servers

Qualys researchers have discovered a critical security flaw that renders the majority of all email servers on the web vulnerable to remote command execution (RCE) attacks. The vulnerable service is Exim, a highly popular program that is being used by 57% of all email servers.

Remote command execution is not the same as remote code execution, but the risks are similar. Threat actors could scan the web for vulnerable devices and then take advantage of the flaw in order to take control of affected servers. The report mentions that remote exploitation is probably not a quick and easy job, and may require a hacker to “keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes).” However, the researchers warn that it might be possible for attackers to find faster ways of exploiting the vulnerability.

Read more: New RCE vulnerability impacts nearly half of the internet’s email servers

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.