Microsoft Defender now automatically mitigates a major issue used by Exchange attackers

News
By
published

Microsoft continues to address vulnerabilities utilized by Exchange Server attackers.

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft Defender now mitigates a vulnerability affecting Exchange servers.
  • The tool specifically mitigates CVE-2021-26855, one of four issues utilized in the attacks on Exchange servers.
  • Microsoft Defender will mitigate the issue automatically as long as automatic updates are turned on.

Microsoft continues to take steps to address vulnerabilities utilized by the recent attacks on its Exchange Server software. The company released emergency fixes on March 2 and released a one-click mitigation tool to reduce the risk of an attack on vulnerable servers. Now, Microsoft has updated Microsoft Defender to address a vulnerability.

Microsoft Defender Antivirus and System Center Endpoint Protection will now automatically mitigate one issue on vulnerable Exchange Servers. Microsoft outlines the step in a security blog post (via ZDNet):

Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. Customers do not need to take action beyond ensuring they have installed the latest security intelligence update (build 1.333.747.0 or newer), if they do not already have automatic updates turned on.

Specifically, Microsoft Defender automatically mitigates CVE-2021-26855, which is a severe vulnerability. It is one of four vulnerabilities related to the attack on Exchange servers.

Microsoft emphasizes that the Exchange security update is a better way to protect servers:

The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.

Recent reports state that threat actors are increasing their attacks on vulnerable servers. People who manage servers should check to see if their systems have been affected and take appropriate action to address any issues.

CATEGORIES
Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.