Microsoft has been deploying one security measure after another since it discovered bad actors were exploiting four zero-day vulnerabilities in Exchange Server. Its latest step is to update Microsoft Defender Antivirus so that it automatically mitigates CVE-2021-26855, which is the most critical vulnerability among the four. Since it serves as the entry point for exploiting the other three flaws, preventing bad actors from being able to take advantage of it is a priority. Customers do not need to do anything to get Defender to start protecting their servers from attackers, other than installing the latest Security Intelligence update if they have not enabled automatic updates.
The tech giant warns, however, that this is only a temporary mitigation meant to protect customers while they are in the process of implementing the full security update for Exchange released earlier this month. Although the original fixes can be a bit complicated to deploy, Microsoft has also released a one-click mitigation tool for small businesses that is relatively easier to use. The tool can mitigate known attacks that exploit CVE-2021-26855, scan Exchange servers, and attempt to reverse changes made by threats it identifies.
When Microsoft announced the fixes for the Exchange vulnerabilities, it said most of the attacks that exploited the vulnerabilities were carried out by a Chinese state-sponsored group called Hafnium. It is believed that the group infiltrated at least 30,000 organizations in the United States, including police departments, hospitals, government agencies, banks, and credit unions. However, other groups may have exploited the vulnerabilities as well, including the ransomware gang that is apparently holding Acer's data hostage for $50 million.