Microsoft Defender automatically prevents Exchange Server exploits |
Microsoft Defender can now automatically mitigate Exchange Server vulnerabilities because Microsoft added an automatic mitigation tool to its antivirus software to fix critical Exchange Server vulnerabilities.
Ever since Microsoft discovered that malicious actors were exploiting four Exchange Server vulnerabilities, security measures have been taken.
The final step is a Microsoft Defender update to automatically mitigate CVE-2021-26855 (most of the four vulnerabilities).
Since it is an entry point that can benefit from the other three vulnerabilities, preventing criminals from taking advantage of them is a priority.
For Microsoft Defender, customers don't have to do anything to protect servers from attackers.
According to the company, Microsoft Defender will automatically determine if servers are vulnerable and apply corrective action to mitigate damage once per device.
However, the software giant cautioned that this is only a temporary relief to help protect customers as they implement the full Exchange Server security update released earlier this month.
Microsoft also released a relatively easy-to-use one-click mitigation tool for small businesses that aims to reduce the risk of exploiting vulnerable servers before applying the full patch.
This tool can mitigate known attacks that use CEV-2021-26855 to scan Exchange Server and restore changes made by identified threats.
When Microsoft released a patch for an Exchange Server vulnerability, it said: Most of the attacks that exploit this vulnerability were carried out by Hafnium, a Chinese state-sponsored organization.
The organization is believed to have penetrated at least 30,000 organizations in the United States, including police departments, hospitals, government agencies, banks and credit unions.
Other organizations can also exploit these vulnerabilities, including the ransomware gang that allegedly hostaged Acer data for $ 50 million.