MDaemon Patch Bulletin - MD041917

EasyBee Exploit Notice

Published April 19, 2017

Summary

The recent release of hacking tools by the Shadow Group contains a number of files which can be used to exploit many different software products. Included in this list was the file, EasyBee, which could be used to potentially exploit MDaemon. EasyBee only targeted MDaemon.

Alt-N has reviewed the MDaemon software and found the following:

  • Older, non-supported versions (v. 9.x – 11.x) are vulnerable to attack
  • Versions 12.x and 13.0 are not vulnerable to the EasyBee executable, but may be vulnerable to the exploit used by EasyBee
  • Versions 13.5 and newer are not vulnerable

If you are using MDaemon v 9.x – v 13.0, Alt-N recommends you take the following action:

  • Upgrade all older, non-supported versions of MDaemon to the newest, most secure version 17
    MDaemon 17 Download
  • If you do not upgrade versions 12.x-13.0, you can download the exploit fix below (see note)

Note:The new DLLs only work with the latest versions of MDaemon 12.0, 12.5, and 13.0. If you are running MDaemon 12.0.1 you must first upgrade to 12.0.6 before using the new dll. 12.5 must be upgraded to 12.5.9 and 13.0 must be upgraded to 13.0.8

MDaemon 12.0.X

Updrade to Version

12.0.6 - Select Your Language

MDaemon 12.5.X

Updrade to Version

12.5.9 - Select Your Language

MDaemon 13.0.X

Updrade to Version

To ensure the greatest level of security for your email, Alt-N recommends using the newest version of its software, which is located in the product download section of altn.com.

You can learn more about the Shadow Brokers release by reading this article.