A vulnerability has been discovered in Exim that could allow unauthenticated remote attackers to execute arbitrary system commands on the mail server. Exim is a mail transfer agent used to deploy mail servers on Unix-like systems. Successful exploitation of this vulnerability will enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- The vulnerability is relatively easy to exploit; it’s probable that attackers will be searching for and exploiting vulnerable versions of this software soon. Proof of Concept code is available.
Exim versions prior to 4.92.3 
Apply appropriate patches provided by Exim to vulnerable systems immediately after appropriate testing.
Verify that no unauthorized system modifications have occurred on the system before applying the patch.
Apply the principle of Least Privilege to all systems and services.
Remind users not to open emails, download attachments, or follow links provided by unknown or untrusted sources.
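
To find hosts that fall under "Exim versions prior to 4.92.3", the version banner printed by `exim -bV` can be compared against the fixed release. The script below is an added example, not part of the original advisory; the function names are hypothetical, and it assumes the banner's first line has the form `Exim version X.Y[.Z] #N built ...`.

```shell
#!/bin/sh
# Added example: classify an Exim build against the fixed release in the advisory.
FIXED_VERSION="4.92.3"   # from the advisory: "Exim versions prior to 4.92.3"

# Extract the dotted version from `exim -bV` output (first matching line only).
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is lower than version $2. Fields are compared
# numerically left to right; a missing field counts as 0 (4.92 == 4.92.0).
version_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        if [ "$_a" = "$_x" ]; then _a=""; else _a=${_a#*.}; fi
        if [ "$_b" = "$_y" ]; then _b=""; else _b=${_b#*.}; fi
        _x=${_x:-0}; _y=${_y:-0}
        if [ "$_x" -lt "$_y" ]; then return 0; fi
        if [ "$_x" -gt "$_y" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower than"
}

# Print "vulnerable <ver>", "not-affected <ver>" or "unknown" for a banner.
classify_banner() {
    _v=$(exim_version_from_banner "$1")
    if [ -z "$_v" ]; then
        echo "unknown"
    elif version_lt "$_v" "$FIXED_VERSION"; then
        echo "vulnerable $_v"
    else
        echo "not-affected $_v"
    fi
}

# On a host with Exim installed, classify the local binary.
if command -v exim >/dev/null 2>&1; then
    classify_banner "$(exim -bV 2>/dev/null)"
fi
```

Distribution packages may backport fixes without changing the upstream version number, so a "vulnerable" result should be confirmed against the vendor's package advisory.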