Microsoft announced that Defender now integrates an automatic mitigation tool to protect against exploitation of the ProxyLogon vulnerabilities in Exchange Server.
Defender can now automatically mitigate a critical vulnerability tracked as CVE-2021-26855, which is being actively exploited in the wild and has led to attacks on tens of thousands of private and state companies. This vulnerability is one of the four flaws that attackers exploited in a wide series of attacks to compromise on-premises Exchange servers.
On March 2, Microsoft warned that Hafnium, a state-sponsored threat group, and at least 10 other advanced persistent threat (APT) groups were actively exploiting the bugs. The company urged customers to apply its recent cumulative updates for Exchange Server 2016 and Exchange Server 2019 and to update the Defender tool. Earlier last week, Microsoft released a one-click mitigation tool to find traces of compromise on Exchange servers and remove the malware.
The most recent security update for Microsoft Defender Antivirus and System Center Endpoint Protection means that Windows will protect vulnerable Exchange servers automatically after the software is updated.
According to Microsoft, Defender will automatically identify whether a server is vulnerable and apply the necessary fixes once per machine.
Users are advised to turn on automatic updates. If automatic updates are not turned on, users should manually install the new update and make sure their software is upgraded to at least build 1.333.747.0. The company recommends enabling the Cloud protection feature as a best practice.
The one-click mitigation tool is still available as an alternative protection for IT admins who do not have Defender Antivirus. The cumulative updates (CUs) are the best way to protect the servers, Microsoft said.
“The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases,” Microsoft says. “This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.”