Russian hackers (BlackEnergy Group/Olympic Destroyer) have started exploiting CVE-2019-10149 (RCE with root privs on Exim mail server) since at least August 2019 - less than a month since the bug was published https://www.bleepingcomputer.com/news/security/nsa-russian-govt-hackers-exploiting-critical-exim-flaw-since-2019/
The attackers exploited the flaw by sending an email with Exploiting the flaw is possible by sending an email email with a command added to the "MAIL FROM:" field

The script used gives the attackers complete access to compromised servers and MySQL databases
Two of the commands, base64-encoded, check running processes for Little Snitch firewall for macOS. Commands are dropped if LS is found
Two of the commands, base64-encoded, check running processes for Little Snitch firewall for macOS. Commands are dropped if LS is found
more tweet-size details in this thread here: https://twitter.com/BleepinComputer/status/1266024197542862849