Last month I wrote about the importance of keep our systems updated against a similar vulnerability in Windows remote desktop protocal. This vulnerabilty has fewer potential systems, but every system is affected by the flow of email. According to SecuritySiFu, a critical new remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today.

The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients.

According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim — although different reports would put the number of Exim installations at ten times that number, at 5.4 million. This sounds like a bit of an exaggeration, and an overstatement that takes away some of the gravity of the situation

They get to this 5.4 million number by including millions of devices that are part of the so called Internet of Things (IoT)  like security cameras, wireless routers and even gas pumps and such that use Linux. Yet the threat really is greater from email compromised much more easily. What are you doing about that?