Millions of email servers could be at risk from Exim security flaw

Hackers could deliver malware to victims via email

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers have discovered a critical vulnerability in the Exim mail transfer agent, which puts roughly 1.5 millionemail serversat risk of deliveringmalwareto their users.

Exim is a mail transfer agent (MTA) used on Unix-likeoperating systems, responsible for routing, delivering, and receiving email messages. As a flexible, and highly configurable agent, Exim is a vastly popular choice among IT teams.

The researchers from security firm Censys found a vulnerability that hackers can use to bypass protections that usually prevent email messages from delivering attachments that can install apps or run code. The vulnerability is tracked as CVE-2024-39929, and carries a severity rating of 9.1/10 (critical).

Not (yet) abused

“I can confirm this bug,” Exim project team member Heiko Schlittermann wrote on a bug-tracking site,ArsTechnicareported. “It looks like a serious security issue to me.”

Censys says out of roughly 6.5 million public-facing SMTP email servers, 4.8 million are running Exim. Furthermore, 1.5 million are running an old, vulnerable version. So far, there have been no reports of in-the-wild abuse of the vulnerability, but now that it is out in the limelight, it’s only a matter of time before threat actors start scanning the internet for vulnerable instances.

To make the attack work, the victims would still need to run the attachment and install themalware. However, threat actors have been running some highly sophisticated social engineering attacks lately, which means the risk of infection is very real.

With phishing still being one of the most popular methods of malware delivery, flawed email servers are a highly-regarded commodity. For example, back in 2020, a Russian state-sponsored threat actor abused an Exim flaw, found almost half a year earlier, to gain access to the email server.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

IT teams running Exim should make sure they patch it to 4.98, since this is the first fixed version.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

3 reasons why PIA fell in our best VPN rankings

Stormforce Pro Creator 0601 workstation review