Multiple high-severity vulnerabilities have been discovered within the Exim mail server. The most severe of these vulnerabilities allows remote code execution, which could enable a malicious cyber actor to take full control of the vulnerable system. A full list of the vulnerabilities and additional information is available from the related Exim security advisory.
At this time, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has not identified any active exploitation of these vulnerabilities. The ASD’s ACSC has assessed that there is a significant number of Exim mail servers deployed within Australia. Any future successful exploitation of vulnerable Exim servers would have a significant impact on Australian systems and networks.
Mitigation
The ASD’s ACSC strongly recommends that Australian organisations:
- Review their systems and networks for the presence of vulnerable instances of the Exim mail server;
- Apply the appropriate patch as identified by the Exim project in the Exim security advisory.
Assistance
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. The ASD’s ACSC will update this alert, if required, as the situation changes. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1.