Microsoft has been rolling out one security measure after another ever since it discovered that bad actors have been exploiting four zero day flaws in Exchange Server. Its latest step is updating the Microsoft Defender Antivirus so that it automatically mitigates CVE-2021-26855, which is the most critical vulnerability among the four.
The implementation of a recent security intelligence update for Microsoft Defender Antivirus and System Center Endpoint Protection means that mitigations will be applied on vulnerable Exchange servers when the software is deployed, without any further input from users.
According to the firm, Microsoft Defender Antivirus will automatically identify if a server is vulnerable and apply the mitigation fix once per machine.
If automatic updates aren’t turned on, it is recommended that users manually install the new update and make sure their software is upgraded to at least build 1.333.747.0, or newer. Cloud protection is not required to receive the mitigation fix but the company recommends that this feature is enabled as a matter of best practice.
Earlier this week, Microsoft released a one-click mitigation tool designed to be a way to reduce the risk of exploit on vulnerable servers before full patches can be applied and this update to the firm’s antivirus software has been released under the same principle.
The mitigation tool is still readily available as an alternative way to mitigate risk to vulnerable servers if IT admins do not have Defender Antivirus.
“The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases,” Microsoft says. “This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.”
When Microsoft announced the patches for the Exchange vulnerabilities, it said most of the attacks that exploited the flaws were carried out by a Chinese state-sponsored group called Hafnium. It’s believed that the group infiltrated at least 30,000 organizations in the US, including police departments, hospitals, government agencies, banks and credit unions. Other groups may have also exploited the vulnerabilities, though, including the ransomware gang that’s reportedly holing Acer data hostage for $50 million.
