Multiple high severity vulnerabilities have been discovered within the Exim mail server. The most severe of these vulnerabilities allows remote code execution which could enable a malicious cyber actor to take full control of the vulnerable system. A full list of the vulnerabilities and additional information is available from the related Exim security advisory.
At this time the ACSC has not identified any active exploitation of these vulnerabilities. The ACSC has assessed that there is a significant number of Exim mail servers deployed within Australia. Any future successful exploitation of vulnerable Exim servers would have a significant impact to Australian systems and networks.
Mitigation
The ACSC strongly recommends that Australian organisations:
- Review their systems and networks for the presence of vulnerable instances of the Exim mail server;
- Apply the appropriate patch as identified by the Exim project in the Exim security advisory.
Assistance
The ACSC is monitoring the situation and is able to provide assistance and advice as required. The ACSC will update this alert as the situation changes if required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.
