EXIM Vuln. - any news?

Hi JoergRiether,

Thanks for reaching out to the Community! 

The internal teams are currently investigating this, and we'll provide an update as soon as more information becomes available. 

Thanks,

How long do they need ?

by the way, the last up2date was 9.705-3. This update is 7 (!) month old !

What the heck are u guys not doin ?

If you dump the utm , then let us know !

Hi Harsh,

I can't see any Exim fixes in the release notes. What am I missing?

Thanks,

Marcel

The Vulnerabilities was disclosed yesterday evening. UTM 9.706 was released two days ago. Therefore it cannot include any kind of fixes. 

so why have the release notes been posted here?

Hi Marcel Bruckner,

The release notes were posted as a response to WolfgangS comment. 

Thanks,

UTM9.706 was built some time ago and is not related to Exim, as it was already finished before Exim vulnerabilities were disclosed. 

I understand. When can we expect news about the newest Exim vulnerabilities?

Hi Marcel Bruckner,

We'll update the following blog post with the new information as it becomes available: 

• Advisory: Multiple Vulnerabilities (AKA 21Nails) in Exim

Thanks,

JFYI: The Advisory was updated with the latest information.

The mentioned  protection IPS rules  are only available on XG 550 or higher models. I would appreciate also release it for models at least +210 or higher. 

Thanks

Can't we have just patched exim-related files and instructions in the meantime? I understand utm has no hotfix option out of the box. But such a critical flaw can't wait for a week.

We just recovered from the hafnium nightmare and this is the next critical issue where we can just sit and wait to be exploited. 

Can't we have just patched exim-related files and instructions in the meantime? I understand utm has no hotfix option out of the box. But such a critical flaw can't wait for a week.

We just recovered from the hafnium nightmare and this is the next critical issue where we can just sit and wait to be exploited.