Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Millions of email servers could be at risk from Exim security flaw

Best email services: image of email with one unread message alert.

Researchers have discovered a critical vulnerability in the Exim mail transfer agent, which puts roughly 1.5 million email servers at risk of delivering malware to their users. 

Exim is a mail transfer agent (MTA) used on Unix-like operating systems, responsible for routing, delivering, and receiving email messages. As a flexible, and highly configurable agent, Exim is a vastly popular choice among IT teams. 

The researchers from security firm Censys found a vulnerability that hackers can use to bypass protections that usually prevent email messages from delivering attachments that can install apps or run code. The vulnerability is tracked as CVE-2024-39929, and carries a severity rating of 9.1/10 (critical).

Not (yet) abused

“I can confirm this bug,” Exim project team member Heiko Schlittermann wrote on a bug-tracking site, ArsTechnica reported. “It looks like a serious security issue to me.”

Censys says out of roughly 6.5 million public-facing SMTP email servers, 4.8 million are running Exim. Furthermore, 1.5 million are running an old, vulnerable version. So far, there have been no reports of in-the-wild abuse of the vulnerability, but now that it is out in the limelight, it’s only a matter of time before threat actors start scanning the internet for vulnerable instances. 

To make the attack work, the victims would still need to run the attachment and install the malware. However, threat actors have been running some highly sophisticated social engineering attacks lately, which means the risk of infection is very real.

With phishing still being one of the most popular methods of malware delivery, flawed email servers are a highly-regarded commodity. For example, back in 2020, a Russian state-sponsored threat actor abused an Exim flaw, found almost half a year earlier, to gain access to the email server. 

IT teams running Exim should make sure they patch it to 4.98, since this is the first fixed version.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.