Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities | ZDNet
Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities
Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.
Charlie Osborne
By Charlie Osborne for Zero Day | March 19, 2021 -- 09:34 GMT (09:34 GMT) | Topic: Security
Microsoft has implemented an automatic mitigation tool within Defender Antivirus to tackle critical vulnerabilities in Exchange Server.
SECURITY
SEC charges US trader for allegedly abusing Twitter to pump cannabis penny stock prices
Cyber security 101: Protect your privacy from hackers, spies, and the government
The best antivirus software and apps
The best VPNs for business and home use
The best security keys for two-factor authentication
Why some governments are getting cyber crime gangs to do their hacking for them (ZDNet YouTube)
On March 18, the Redmond giant said the software will automatically mitigate CVE-2021-26855, a severe vulnerability that is being actively exploited in the wild.
This vulnerability is one of four that can be used in a wider attack chain to compromise on-premise Exchange servers.
Microsoft released emergency fixes for the security flaws on March 2 and warned that a state-sponsored threat group called Hafnium was actively exploiting the bugs, and since then, tens of thousands of organizations are suspected to have been attacked.
At least 10 other advanced persistent threat (APT) groups have jumped on the opportunity slow or fragmented patching has provided.
The implementation of a recent security intelligence update for Microsoft Defender Antivirus and System Center Endpoint Protection means that mitigations will be applied on vulnerable Exchange servers when the software is deployed, without any further input from users.
According to the firm, Microsoft Defender Antivirus will automatically identify if a server is vulnerable and apply the mitigation fix once per machine.
If automatic updates aren't turned on, it is recommended that users manually install the new update and make sure their software is upgraded to at least build 1.333.747.0, or newer. Cloud protection is not required to receive the mitigation fix but the company recommends that this feature is enabled as a matter of best practice.
Earlier this week, Microsoft released a one-click mitigation tool designed to be a way to reduce the risk of exploit on vulnerable servers before full patches can be applied and this update to the firm's antivirus software has been released under the same principle.
The mitigation tool is still readily available as an alternative way to mitigate risk to vulnerable servers if IT admins do not have Defender Antivirus.
"The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases," Microsoft says. "This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange."
On March 17, Microsoft launched the firm's quarterly cumulative updates for Exchange Server 2016 and Exchange Server 2019 which also contains the security patches required to tackle the critical vulnerabilities.
Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.
Charlie Osborne
By Charlie Osborne for Zero Day | March 19, 2021 -- 09:34 GMT (09:34 GMT) | Topic: Security
Microsoft has implemented an automatic mitigation tool within Defender Antivirus to tackle critical vulnerabilities in Exchange Server.
SECURITY
SEC charges US trader for allegedly abusing Twitter to pump cannabis penny stock prices
Cyber security 101: Protect your privacy from hackers, spies, and the government
The best antivirus software and apps
The best VPNs for business and home use
The best security keys for two-factor authentication
Why some governments are getting cyber crime gangs to do their hacking for them (ZDNet YouTube)
On March 18, the Redmond giant said the software will automatically mitigate CVE-2021-26855, a severe vulnerability that is being actively exploited in the wild.
This vulnerability is one of four that can be used in a wider attack chain to compromise on-premise Exchange servers.
Microsoft released emergency fixes for the security flaws on March 2 and warned that a state-sponsored threat group called Hafnium was actively exploiting the bugs, and since then, tens of thousands of organizations are suspected to have been attacked.
At least 10 other advanced persistent threat (APT) groups have jumped on the opportunity slow or fragmented patching has provided.
The implementation of a recent security intelligence update for Microsoft Defender Antivirus and System Center Endpoint Protection means that mitigations will be applied on vulnerable Exchange servers when the software is deployed, without any further input from users.
According to the firm, Microsoft Defender Antivirus will automatically identify if a server is vulnerable and apply the mitigation fix once per machine.
If automatic updates aren't turned on, it is recommended that users manually install the new update and make sure their software is upgraded to at least build 1.333.747.0, or newer. Cloud protection is not required to receive the mitigation fix but the company recommends that this feature is enabled as a matter of best practice.
Earlier this week, Microsoft released a one-click mitigation tool designed to be a way to reduce the risk of exploit on vulnerable servers before full patches can be applied and this update to the firm's antivirus software has been released under the same principle.
The mitigation tool is still readily available as an alternative way to mitigate risk to vulnerable servers if IT admins do not have Defender Antivirus.
"The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases," Microsoft says. "This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange."
On March 17, Microsoft launched the firm's quarterly cumulative updates for Exchange Server 2016 and Exchange Server 2019 which also contains the security patches required to tackle the critical vulnerabilities.