Exim, a popular Mail Transfer Agent, announced multiple critical vulnerabilities discovered by the Qualys Research Team. These vulnerabilities should be patched as soon as possible.
Businesses have two goals at formation: Serve a purpose and make money. There are many ways to accomplish these goals, but there is one common denominator in every successful business: Security. Security is a concern for every business today, especially since the pandemic and remote work era arrived. As businesses continue to ramp up security measures, there’s a new concern that needs to be addressed. Exim, a popular mail transfer agent (MTA), was found to have multiple critical vulnerabilities.
Last fall, the Qualys Research Team conducted a code audit of Exim and discovered 21 unique vulnerabilities, dubbed 21Nails. An estimated 60% of internet servers run Exim, according to a survey, and a Shodan search shows nearly 4 million Exim servers exposed to the internet. Ten of the 21 vulnerabilities can be exploited remotely, including to gain root privileges, and 11 can be exploited locally. Some of these critical vulnerabilities can be chained together to take over Exim, and possibly the server housing it.
If someone gains remote root privileges on an Exim server, they can modify sensitive email settings, create new accounts, modify data, execute commands and more. Last year, the Exim MTA was targeted by the Russian threat actors known as the Sandworm team. This shows that MTAs were a target even before these proof-of-concept vulnerabilities were known. The Exim vulnerabilities appear to affect all versions of Exim dating back to 2004, the beginning of its Git history.
When Qualys confirmed the proof-of-concept vulnerabilities, they disclosed their findings to the Exim developers and worked with them to coordinate the announcement. The full technical details can be found here. The team recommends that security teams patch these vulnerabilities immediately, as do we.
Given the sheer number of Exim servers in use today, it's likely that your business is affected. It is incredibly important to verify whether you use one of these servers: check how that password reset or thanks-for-signing-up email is sent. Exim is the default on many servers. So if you do use Exim, apply the needed patches. The damage that an attacker can do by getting into your MTA is bad enough, but if they bust through to the greater application server and then onto your network, they can really wreak havoc on your systems.
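As an added example (not part of the original post, and not Qualys or Exim code), the following POSIX shell script does the inventory check described above: it finds the Exim binary or the sendmail wrapper that points to it, reads the version from `exim -bV`, and compares it with the fixed release. The patched version number is a placeholder argument that you take from the Exim advisory or your distribution's security notice; the version comparison works for any dotted numeric version, not just Exim's.

```shell
#!/bin/sh
# Added example, not from the original post: is Exim the MTA on this host,
# and is its version at or above the release that fixes 21Nails?
# Usage: sh exim_check.sh <patched-version>   (the version is a placeholder
# argument: take it from the Exim advisory or your distribution's notice).

# Return 0 when dotted numeric version $1 >= $2 (e.g. 4.94.2 >= 4.94).
# Missing components count as 0, so 4.94 equals 4.94.0 and is below 4.94.1.
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; a=${a#*.}
        bi=${b%%.*}; b=${b#*.}
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 1
    done
    return 0
}

# Print the installed Exim version, or return 1 if no Exim binary is found.
# Also reports where the sendmail wrapper points, since many systems reach
# Exim only through /usr/sbin/sendmail (readlink -f assumed available).
exim_version() {
    bin=$(command -v exim || command -v exim4) || return 1
    sm=$(command -v sendmail) && echo "sendmail -> $(readlink -f "$sm")" >&2
    "$bin" -bV 2>/dev/null | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Compare the installed version with the patched one; exit status 2 means
# an unpatched Exim was found, 0 means patched or not installed.
check_exim() {
    patched="$1"
    [ -n "$patched" ] || { echo "usage: check_exim <patched-version>" >&2; return 1; }
    if ! v=$(exim_version); then
        echo "no Exim binary found; check which MTA sends your application mail"
        return 0
    fi
    [ -n "$v" ] || { echo "Exim found but 'exim -bV' gave no version; inspect it" >&2; return 1; }
    if version_ge "$v" "$patched"; then
        echo "Exim $v is at or above $patched"
    else
        echo "Exim $v is OLDER than $patched: patch now"
        return 2
    fi
}

if [ "$#" -gt 0 ]; then check_exim "$1"; fi
```

Run it on each host that sends application mail; a non-zero exit status of 2 is the signal to schedule the patch.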
There are so many things that can happen if your business suffers a data breach. It’s not just about how you handle the situation, although that plays a part. There may be fines, there will be legal fees, there will be increased labor costs to ensure the attackers have been cleared out and damage fixed, downtime causing loss of business, etc. It’s not pretty, and it’s why most businesses don’t survive a data breach. Large corporations like Twitter and Capital One have the assets to survive, but small and medium-sized businesses may not. Patch today!
Do not let the security of your business be the reason your business closes. It’s completely preventable with the right tools, and if you’re not sure what those are, always bring in an expert.