Threat Advisory: New Vulnerability Affecting Exim Servers
June 13, 2019
A critical remote code execution vulnerability is being actively scanned for and exploited across the Internet. Known as "Return of the WIZard", the vulnerability (tracked as CVE-2019-10149) affects the Exim mail transfer agent (versions 4.87-4.91), which currently runs on more than half of all mail servers on the Internet. The vulnerability was exploited as early as June 9, 2019.
While the difficulty of exploitation varies depending on configuration, the National Vulnerability Database scores the vulnerability 9.8 out of 10, and organizations should apply the necessary patches immediately. Herjavec Group strongly recommends updating to the latest version of Exim (v. 4.92), released February 10, 2019, to prevent potential attacks that exploit the vulnerability.
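To find which mail hosts fall in the affected range, the version can be read from an SMTP greeting or from the first line of `exim -bV`. The following is an added example, not part of the original advisory or any Herjavec Group tooling; the host names and banner lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Affected range as stated in the advisory: Exim 4.87 through 4.91 inclusive.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Matches "Exim version 4.91 #3 built ..." (exim -bV output) and
# "220 host ESMTP Exim 4.90_1 ..." (SMTP greeting).
_VERSION_RE = re.compile(r"\bExim(?:\s+version)?\s+(\d+)\.(\d+)(?:[._](\d+))?", re.I)

def parse_exim_version(text):
    """Return (major, minor, patch) from a banner or `exim -bV` line, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(text):
    """Classify one line as 'affected', 'not-affected' or 'unknown'."""
    v = parse_exim_version(text)
    if v is None:
        return "unknown"  # banner hidden or not Exim: check on the host itself
    # Patch suffixes (4.90_1, 4.92.1) do not change the major.minor range test.
    # Assumption: the string reflects the running code. A vendor package with a
    # backported fix can keep an older version string, so confirm 'affected'
    # results against the package changelog.
    return "affected" if AFFECTED_MIN <= v[:2] <= AFFECTED_MAX else "not-affected"

def triage(inventory):
    """Map each host in {host: banner_line} to its classification."""
    return {host: classify(line) for host, line in inventory.items()}

# Constructed sample inventory (not real hosts or captured banners).
SAMPLE = {
    "mx1.example.org": "220 mx1.example.org ESMTP Exim 4.91 Thu, 13 Jun 2019 09:00:00 +0000",
    "mx2.example.org": "Exim version 4.90_1 #4 built 14-Feb-2018 16:01:14",
    "mx3.example.org": "Exim version 4.92 #2 built 10-Feb-2019 12:00:00",
    "mx4.example.org": "220 mx4.example.org ESMTP Exim 4.86_2 Thu, 13 Jun 2019 09:00:00 +0000",
    "mx5.example.org": "220 mx5.example.org ESMTP ready",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` still need a local check, since many servers are configured to hide the version in the SMTP greeting.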
Herjavec Group Vulnerability Management clients can reference their latest reports for CVE-2019-10149. We are reviewing the most recent scan data and will escalate patches as required.
Herjavec Group is proactively ensuring that applicable signatures are up to date for our Managed Security Services customers. We are actively engaged on all technology product updates relating to CVE-2019-10149.
If your organization has been affected by the vulnerability, please contact us for Incident Response or compromise assessment support as needed.