More than 1.563 million internet-exposed Exim mail transfer agent servers are susceptible to potential exploitation of an already patched critical vulnerability, tracked as CVE-2024-39929, which could be leveraged to evade email security defenses and prompt the delivery of malicious executable attachments, The Hacker News reports.
The U.S., Russia, and Canada accounted for most of the vulnerable Exim servers, which are on versions 4.97.1 or earlier, according to a report from Censys. "The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users' mailboxes. If a user were to download or run one of these malicious files, the system could be compromised," said Censys researchers, who urged immediate remediation of the flaw even if active exploitation is yet to be reported. Such a report follows the discovery of half a dozen flaws in the free mail transfer agent, which could be exploited for remote code execution and information disclosure.
