Microsoft Urges Azure Customers to Patch Exim Worm

[silversurfer]

Microsoft has urged Azure users to update their systems following the discovery of a major new attack campaign targeting popular email server software.
 
The worm, which Infosecurity reported on last week, targets mail transfer agent product Exim running on Linux-based email servers. It’s claimed that Exim is running on over half (57%) of the world’s email servers, with as many as 3.5 million vulnerable to the new attack.
 
In a security update on Friday, Microsoft confirmed that the attack imperils servers running Exim version 4.87 to 4.91. It said that although Azure has “controls” in place to prevent the spread of the worm, customers could still be vulnerable to infection and should update their systems as soon as possible.
 
“Customers using Azure virtual machines (VMs) are responsible for updating the operating systems running on their VMs. As this vulnerability is being actively exploited by worm activity, MSRC urges customers to observe Azure security best practices and patterns and to patch or restrict network access to VMs running the affected versions of Exim,” Microsoft explained.

SOURCE: https://www.infosecurity-magazine.com/ne...mers-to-1/