CATEGORIES
home News

Microsoft Warns Azure Users To Patch Linux VMs Now To Thwart Exim Worm Security Threat

by Brandon HillMonday, June 17, 2019, 05:08 PM EDT
Hacking
If you're an Azure customer running Linux Exim email servers, then Microsoft has a warning for you. Over the weekend, it was disclosed that Linux servers numbering in the millions were vulnerability to a critical security vulnerability in the Exim mail transport agent, also known as MTA.

At last count roughly 3.5 million servers were susceptible to a remote execution Linux worm attack according to Cybereason, with the primary attack vector being a coin miner payload (which can present itself in multiple stages). The vulnerability was first disclosed in CVE-2019-10149 on June 5th

Microsoft is warning Azure customers that while Exim 4.92 is not affected, Azure customers running virtual machines with earlier versions of Exim should be vigilant to help stop the spread of the worm.

"Customers using Azure virtual machines (VMs) are responsible for updating the operating systems running on their VMs," writes Microsoft. "As this vulnerability is being actively exploited by worm activity, MSRC urges customers to observe Azure security best practices and patterns and to patch or restrict network access to VMs running the affected versions of Exim.

"We strongly advise that all affected systems – irrespective of whether NSGs are filtering traffic or not – should be updated as soon as possible."

exim

What makes this new worm so pervasive is that once the crypto miner payload and port scanner are downloaded and activated, it will actively look out for other vulnerable servers so that it can further propagate. However, as long as you're running Exim 4.92, you should be protected against this worm.

"It is clear that the attackers went to great lengths to try to hide the intentions of their newly-created worm," Cybereasonadds. "They used hidden services on the TOR network to host their payloads and created deceiving windows icon files in an attempt to throw off researchers and even system administrators who are looking at their logs."

For its part, the developers behind Exim have issued their own response to this slippery worm. "A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87," reads an Exim patch note on CVE-2019-10149. "The severity depends on your configuration.  It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better."

Exim servers account for nearly 60 percent of the email servers on the internet, and affected versions include versions 4.87 through 4.91.

Tags:  Microsoft, Linux, Azure, (nasdaq:msft), exim
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment