So, users are strongly advised to apply the November security patches as soon as possible to keep hackers and cybercriminals from taking control of their computers.
Since this component has a number of security issues which can be easily exploited, disabling it could be the best way to ensure your system security.
The researcher has also included a proof-of-concept (PoC) exploit for this vulnerability, which makes the Exim server run out of stack and crash.
Both vulnerabilities reside in Exim versions 4.88 and 4.89, and sysadmins are recommended to update their mail transfer agent to Exim version 4.90, released on GitHub.
I know, that was fast—even before its public disclosure.
Interestingly, one such malware is on its way to affect you.
It should be noted that the above-mentioned Bitcoin address hasn't received any payment yet, which apparently means that this ransomware has not yet been used to target people.
Moreover, this ransomware is currently using the same hard-coded password: "I’m Qk [email protected]!
Exploitation of this vulnerability requires opening a specially crafted malicious file with an affected version of Microsoft Office or Microsoft WordPad software.
Imgur's Chief Operating Officer (COO) then alerted the company's founder and the Vice President of Engineering to the issue before beginning work to validate that the data belonged to Imgur users.
After completing the data validation, the company confirmed Friday morning that the 2014 data breach impacted approximately 1.7 million Imgur user accounts (a small fraction of its 150 million user base) and that the compromised information included only email addresses and passwords.
This vulnerability could be exploited to take complete control over a system when combined with Windows Kernel privilege escalation exploits (like CVE-2017-11847).