Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Microsoft Defender adds automatic Exchange ProxyLogon mitigation
#1
Quote:Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability.

Customers running System Center Endpoint Protection on their servers will also be protected through the same automated mitigation process.


"The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases," Microsoft said.

"This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange."

ProxyLogon automatic mitigation

The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain.

It automatically mitigates CVE-2021-26855 via a URL Rewrite configuration and scans the servers for changes made by previous attacks, automatically reversing them.

"With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed," Microsoft added.

"Customers do not need to take action beyond ensuring they have installed the latest security intelligence update (build 1.333.747.0 or newer), if they do not already have automatic updates turned on."

Microsoft has published ProxyLogon security updates for Microsoft Exchange Server 2019, 2016, and 2013, as well as step-by-step guidance to help address these ongoing attacks.

Redmond has also released a one-click Exchange On-Premises Mitigation Tool to help small business owners mitigate these actively exploited vulnerabilities in current and out-of-support versions of on-premises Exchange Servers.

Continue reading HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Ransomware gang uses new Microsoft Exchange exploit to breach servers tarekma7 0 770 12-21-2022 , 09:00 AM
Last Post: tarekma7
  Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits tarekma7 0 1,228 03-12-2021 , 04:13 PM
Last Post: tarekma7
  RTM Cybergang Adds New Quoter Ransomware to Crime Spree Bjyda 0 1,831 03-05-2021 , 12:23 AM
Last Post: Bjyda
  Microsoft says China-backed hackers are exploiting Exchange zero-days Bjyda 0 1,189 03-03-2021 , 11:39 PM
Last Post: Bjyda
  Microsoft Defender can ironically be used to download malware mrtrout 0 1,108 09-04-2020 , 02:05 AM
Last Post: mrtrout



Users browsing this thread: 2 Guest(s)