03-19-2021 , 01:23 PM
Quote:Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability.
Customers running System Center Endpoint Protection on their servers will also be protected through the same automated mitigation process.
"The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases," Microsoft said.
"This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange."
ProxyLogon automatic mitigation
The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain.
It automatically mitigates CVE-2021-26855 via a URL Rewrite configuration and scans the servers for changes made by previous attacks, automatically reversing them.
"With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed," Microsoft added.
"Customers do not need to take action beyond ensuring they have installed the latest security intelligence update (build 1.333.747.0 or newer), if they do not already have automatic updates turned on."
Microsoft has published ProxyLogon security updates for Microsoft Exchange Server 2019, 2016, and 2013, as well as step-by-step guidance to help address these ongoing attacks.
Redmond has also released a one-click Exchange On-Premises Mitigation Tool to help small business owners mitigate these actively exploited vulnerabilities in current and out-of-support versions of on-premises Exchange Servers.
Continue reading HERE