Critical Remote Code Execution Vulnerability Patched in Exim Email Server
Exim recently patched a critical vulnerability that could enable threat actors to execute arbitrary code on servers running certain versions of the company’s software. The flaw, tracked as CVE-2019-16928, put numerous systems at risk, for Exim is used by 57% of all email servers worldwide. Exim versions 4.92, 4.92.1 and 4.92.2 are all vulnerable, so users are urged to update their servers to Exim 4.92.3.
Last month, Exim patched another flaw that could enable attackers to run malicious code on impacted servers with administrative (root) privileges. That vulnerability affected servers running Exim version 4.92.1 or an older version. It was also revealed last month that a new ransomware strain dubbed Lilocked or Lilu was targeting servers running outdated instances of Exim.