Google is alerting organizations about an actively exploited zero-day vulnerability in Zimbra mail servers. While a security update is not yet available, there is a fix that administrators need to implement manually. Zimbra acknowledged the issue in a security bulletin, but it did not report any active exploitation of the vulnerability.
Google’s Maddie Stone announced on Twitter that this zero-day vulnerability was discovered during a targeted attack. Zimbra is a collaborative software suite that includes mail server software and a webmail client. It’s used by over 200,000 organizations globally. Zimbra did not share details about the vulnerability other than that it exists in version 8.8.15 and could impact the “confidentiality and integrity” of the data. Until a patch is available, organizations can protect themselves by altering a parameter on all mailbox nodes.
Zimbra mail servers have been frequent targets of attacks. Earlier this year, the U.S. government warned about an actively exploited cross-site scripting (XSS) vulnerability in Zimbra webmail that allowed attackers to steal user login credentials and access mailboxes. Late last year, antivirus company Kaspersky reported that attackers had taken over nearly 900 Zimbra mail servers through a critical vulnerability.