Exim Vulnerability Exploited in Wild

A remote command execution vulnerability, CVE-2019-10149, in Exim – detailed in the June 6 NJCCIC Weekly Bulletin – is being actively exploited by several threat actors. At least two hacking groups were observed targeting Exim servers, with attacks beginning as early as June 9. Exim runs on nearly 57 percent of all email servers. The NJCCIC highly advises administrators of Exim servers update to version 4.92 as soon as possible. More information can be found in the ZDNet article.