The Download
Security firm Censys warned that 1.5 million Exim mail transfer agents (MTAs) were vulnerable to an attack that can bypass the security filters those agents employ. The vulnerability (CVE-2024-39929) affects all versions up to 4.97.1, and Exim developers have now released a patch. MTAs deploy mail security filters to block suspicious email such as phishing and spearphishing attempts. These filters are a primary defense against malicious email reaching users. With this attack, an attacker can bypass the filters, and phishing email can pass straight through to end users' mailboxes.
Debian Linux uses Exim as its default mail transfer agent. As a result, this vulnerability has a massive attack surface. MTAs have been exploited before by nation-state adversaries to attack organizations.
What You Can Do
Mail transfer agents are part of an organization's external attack surface. Because Exim is included in the default Debian Linux server, it is possible, if not likely, that you are running this server. We recommend using ThreatMate's automated pen testing as a service (PTaaS) solution to thoroughly test your external attack surface.