
Hm... are you sure you're not misreading the timeline and what happened?

Because as far as I can tell, Qualys did include precise exploit details [1], and the attacks happened 8 days after they did that, meaning in fact the inclusion of source code details would have caused the exploitations in the wild!

Here's the timeline I can find:

CISA reported this vulnerability as being exploited in the wild on June 13 [2]. According to a June 14 article [3], this came one week after Qualys disclosed the bug, which means they must've been referring to the announcement Qualys made on June 5 [1]. When you look at that announcement, it in fact included full details on how to exploit the vulnerability ("a local attacker can simply send a mail to [...] and execute arbitrary commands") on top of explaining in precise detail the vulnerable piece of code in the (open-source!) source code.

More info on the timeline is in [4]. They refer to a May 27 report, which I cannot find online. I assume it must've been a private disclosure. In any case, it doesn't seem to be what SCMagazine was referring to, given CISA only reported this on June 13 and SCMagazine referred to that on June 14.

So... if I'm reading this right, it seems in fact it almost certainly was the precise exploit details that made the bad guys move quickly. Right?

[1] https://www.qualys.com/2019/06/05/cve-2019-10149/return-wiza...

[2] https://www.us-cert.gov/ncas/current-activity/2019/06/13/Exi...

[3] https://www.scmagazine.com/home/email-security/exim-vulnerab...

[4] https://www.exim.org/static/doc/security/CVE-2019-10149.txt


