Microsoft Defender automatically prevents Exchange Server exploitation

Microsoft Defender now automatically mitigates vulnerabilities in Exchange Server: Microsoft has added an automatic mitigation tool to the antivirus to address critical vulnerabilities in Exchange Server.

Microsoft has been rolling out security measures since it discovered that bad actors were exploiting four flaws in Exchange Server.

Its latest step is to update Microsoft Defender so that it automatically mitigates CVE-2021-26855, the most severe of the four vulnerabilities.

Because it acts as an entry point for exploiting the other three flaws, preventing attackers from being able to take advantage of them is a priority.

And customers don’t need to do anything for Microsoft Defender to start protecting the servers from attackers.

According to the company, Microsoft Defender automatically determines whether the server is vulnerable and applies the mitigation once per device.

However, the software giant warns that this is only a temporary mitigation aimed at protecting customers while they deploy the extensive security update for Exchange Server released earlier this month.

Microsoft also released a relatively easy-to-use one-click mitigation tool for small businesses, designed as a way to reduce the risk of exploitation of vulnerable servers before full patches are applied.

The tool can mitigate known attacks that exploit CVE-2021-26855, scan Exchange Server, and attempt to reverse any changes made by the threats it identifies.

When Microsoft announced patches for the security flaws in Exchange Server, it said that most of the attacks exploiting the flaws were carried out by a Chinese state-sponsored group called Hafnium.

The group is believed to have infiltrated at least 30,000 organizations in the United States, including police departments, hospitals, government agencies, banks and credit unions.

Other groups may also have exploited the vulnerabilities, including the ransomware gang that is said to be holding Acer's data hostage for $50 million.