For the past couple of weeks, news about on-premises Exchange Servers being under attack from state-sponsored groups as well as other malicious actors has been making the rounds. Since then, Microsoft has released multiple patches, tools, and guidance to aid customers in protecting their server instances. Now, the firm is enabling Microsoft Defender Antivirus to automatically mitigate some of these vulnerabilities.
Customers who have Microsoft Defender Antivirus build 1.333.747.0 or later installed do not have to do anything; they will automatically be protected against CVE-2021-26855 on the Exchange Server instances where it is deployed. As explained by Microsoft earlier this month, this particular vulnerability is a "server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server".
That said, Microsoft has emphasized that the optimal method to secure yourself against the recent exploits is still to install the patches that the company has issued. The automatic mitigation is just a temporary workaround that breaks the attack chain, so customers can partially protect themselves while they apply cumulative updates.
The firm has also highlighted that the automatic mitigation will be deployed once per machine and that customers who don't have Defender Antivirus installed should instead use the one-click mitigation tool. It is important to note that Exchange Online is not affected by these vulnerabilities and exploits.