Microsoft Defender will now automatically break the attack chain in Exchange Server exploits

For the past couple of weeks, news about on-premises Exchange Servers being under attack from state-sponsored groups as well as other malicious actors have been making the rounds. Since then, Microsoft has released multiple patches, tools, and guidance to aid customers in protecting their server instances. Now, the firm is enabling Microsoft Defender Antivirus to automatically mitigate some of these vulnerabilities.

A notification window showing Microsoft Defender&039s mitigation message about Exchange Server

Customers who have Microsoft Defender Antivirus build 1.333.747.0 or later installed do not have to do anything, but they will automatically be protected against CVE-2021-26855 on Exchange server instances where they are deployed. As explained by Microsoft earlier this month, this particular vulnerability is a "server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server".

That said, Microsoft has emphasized that the optimal method to secure yourself against the recent exploits is still to install the patches that the company has issued. This is just a temporary workaround which breaks the attack chain so customers can protect themselves partially as they apply cumulative updates.

The firm has also highlighted that the automatic mitigation will be deployed once per machine and that customers who don't have Defender Antivirus installed should instead use the one-click mitigation tool. It is important to note that Exchange Online is not affected by these vulnerabilities and exploits.

Report a problem with article
oneplus watch
Next Article

OnePlus Watch design revealed ahead of launch event

An ape and a dinosaur having an interview in front of a stadium
Previous Article

Telegram's Voice Chats 2.0 brings the feature to Channels

1 Comments - Add comment

Advertisement