Azure Systems Running Exim Exploited
Threat actors have created a worm that exploits the Exim vulnerability CVE-2019-10149 to take over servers and scan the internet for additional potential victims. Once a system is infected, a cryptocurrency miner is installed. Microsoft reported that Azure infrastructure has been hit by the worm. While controls are in place to limit the worm's spread from Azure systems, the affected machines remain compromised and infected with the cryptocurrency miner. As this vulnerability is actively being exploited, the NJCCIC strongly advises users and administrators running Exim to update to version 4.92 as soon as possible after appropriate testing.
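To find hosts that still need the update, the following added example (not part of the original advisory) classifies collected `exim -bV` output or SMTP greeting lines against version 4.92. The host names and banner lines are constructed samples, and the function names are hypothetical.

```python
import re

# Release the advisory tells administrators to update to.
FIXED = (4, 92, 0)

# Matches `exim -bV` output ("Exim version 4.91 #2 built ...") and an
# SMTP greeting ("220 host ESMTP Exim 4.91 ...").
_VERSION_RE = re.compile(r"\bExim (?:version )?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(text):
    """Return (major, minor, patch) from a version line, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(text):
    """'ok' at or above 4.92, 'update' below it, 'unknown' if unparseable.

    Caveat: distribution packages can carry a backported fix under an
    older upstream version number, so 'update' means "check this host",
    not "confirmed vulnerable". Banners can also be hidden or altered.
    """
    version = parse_exim_version(text)
    if version is None:
        return "unknown"
    return "ok" if version >= FIXED else "update"


def audit(inventory):
    """Map each host to its status, given {host: version_or_banner_text}."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hosts and banners are illustrative only).
SAMPLE = {
    "mx1.example.test": "Exim version 4.91 #2 built 20-Apr-2018 10:11:12",
    "mx2.example.test": "Exim version 4.92 #3 built 12-Jun-2019 09:00:00",
    "mx3.example.test": "220 mx3.example.test ESMTP Exim 4.92.1 Tue, 30 Jul 2019 08:00:00 +0000",
    "mx4.example.test": "220 mx4.example.test ESMTP ready",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Because the infected machines described above stay compromised, a host that was exposed while running an older version still needs to be checked for the miner after it is updated.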