A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim is a widely used, open source mail transfer agent (MTA) software developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which runs almost 60% of the internet's email servers today for routing, delivering and receiving email messages.
Just three months ago, Exim also patched a severe remote command execution vulnerability, tracked as CVE-2019-10149, that was actively exploited in the wild by various groups of hackers to compromise vulnerable servers. The Exim advisory says that a rudimentary proof of concept (PoC) exists for this flaw, but currently there is no known exploit available to the public. Server administrators are highly recommended to install the latest Exim 4.92.2 version immediately, and if not possible, can mitigate the issue by not allowing unpatched Exim servers to accept TLS connections.