Microsoft advises Azure customers to update Exim to avoid a Linux worm

Microsoft has issued a warning to Azure customers using Linux Exim email servers running Exim version 4.87 to 4.91.

The company explains that these versions of Exim are vulnerable to a critical Remote Code Execution (RCE) security flaw and need to be updated to prevent the spread of a worm.

See also:

• OpenMandriva Lx 4.0 Linux distro is here, and there is a special AMD-only version
• Microsoft Edge could come to Linux
• Microsoft releases Windows 10 20H1 Build 18917 with Windows Subsystem for Linux 2 (WSL 2)

The security vulnerability in question is CVE-2019-10149, and Microsoft stresses that Azure customers running virtual machines with Exim 4.92 are not at risk. On top of this, there are also controls in Azure to help prevent the worm spreading, but Microsoft says that "customers using the vulnerable software would still be susceptible to infection".

In a blog post in the Microsoft Security Response Center, JR Aquino says:

Customers using Azure virtual machines (VMs) are responsible for updating the operating systems running on their VMs. As this vulnerability is being actively exploited by worm activity, MSRC urges customers to observe Azure security best practices and patterns and to patch or restrict network access to VMs running the affected versions of Exim.

There is a partial mitigation for affected systems that can filter or block network traffic via Network Security Groups (NSGs). The affected systems can mitigate Internet-based 'wormable' malware or advanced malware threats that could exploit the vulnerability. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker's IP Address is permitted through Network Security Groups.

It is for these reasons that we strongly advise that all affected systems -- irrespective of whether NSGs are filtering traffic or not -- should be updated as soon as possible.

The advice is simple: get updated to Exim 4.92 immediately.