Cybersecurity Alerts Highlight a Critical Vulnerability and an Important Reminder

Both the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about a critical vulnerability in email servers. Learn about this vulnerability and an important reminder highlighted by the alerts.

Usually the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issue alerts when new cybersecurity threats emerge. But on May 28, 2020, these agencies did something different. They issued alerts for cyberattacks that have been occurring for nearly a year.

Back on May 27, 2019, a critical vulnerability (CVE-2019-10149) was found in Exim mail transfer agents (MTAs), versions 4.87 to 4.91. (MTAs are used to transfer emails between senders’ and recipients’ computing devices.) Exim quickly patched the vulnerability, releasing the patch to the public just nine days later on June 5, 2019. The vulnerability was disclosed to the public on that day as well.

Less than a week after its disclosure, hackers began exploiting the vulnerability in unpatched Exim email servers. The attacks continued, prompting companies like Microsoft to issue alerts. The situation escalated in August 2019, when Russian military cyber actors known as Sandworm began exploiting it, according to the NSA. Sandworm used the vulnerability to add privileged users, disable network security settings, change configurations to enable additional remote access, and execute other malicious code.

Since August 2019, Sandworm has continued to exploit the CVE-2019-10149 vulnerability, prompting both the NSA and CISA to issue their May 28, 2020, advisories. Sandworm has had many targets from which to choose. More than 75,000 email servers are still running the unpatched versions of Exim (versions 4.87 to 4.91).

Therein lies the problem. Had organizations patched their email servers by upgrading to at least version 4.92, Sandworm would not have had any servers to hack over the last 10 months. So, if your company’s email server is using the Exim MTA, make sure it is upgraded to version 4.92 or later.
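
One way to check a fleet against that version range is sketched below. This is an added example, not part of the original article or of Exim; the function names, hostnames, and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: triage Exim banners against the range
# the article gives for CVE-2019-10149 (4.87 to 4.91 affected, 4.92+ fixed).
# Caveat: a distribution package can carry a backported fix under an old
# upstream version number, so confirm "affected" hits in the package changelog.

# Print affected / not-affected / unknown for one `exim -bV` banner line.
classify_exim_banner() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    set -- $ver                                   # $1 = major, $2 = minor
    minor=$(printf '%s\n' "$2" | sed 's/^0*//')   # strip leading zeros
    if [ "$1" -eq 4 ] && [ "${minor:-0}" -ge 87 ] && [ "${minor:-0}" -le 91 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Read "host<TAB>banner" lines on stdin; print "host<TAB>status" per host.
triage_inventory() {
    tab=$(printf '\t')
    while IFS="$tab" read -r host banner; do
        [ -n "$host" ] || continue
        printf '%s\t%s\n' "$host" "$(classify_exim_banner "$banner")"
    done
}

# Constructed sample inventory (hostnames and banners are made up).
sample_inventory() {
    printf 'mx1.example.test\tExim version 4.91 #2 built 01-Jan-2019 00:00:00\n'
    printf 'mx2.example.test\tExim version 4.92 #3 built 01-Jul-2019 00:00:00\n'
    printf 'mx3.example.test\tExim version 4.86 #1 built 01-Jan-2016 00:00:00\n'
    printf 'mx4.example.test\t220 mail ESMTP ready\n'
}

sample_inventory | triage_inventory
# On a live host: classify_exim_banner "$(exim -bV 2>/dev/null | head -n 1)"
```

An "unknown" result means the line was not an Exim version banner, so that host needs a manual check instead of being assumed safe.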

Just as important, whether or not your company uses the Exim MTA, make sure that all the software on all your computing devices is up to date. Patching known vulnerabilities is a crucial component in protecting your business from cyberattacks.

WAMS, Inc.