Microsoft Defender will automatically prevent exploitation of Exchange servers

Microsoft has implemented one security measure after another since discovering that bad actors exploited four zero-day flaws in Exchange Server. The latest step is an update to Microsoft Defender Antivirus so that it automatically mitigates CVE-2021-26855, which is the most important of the four vulnerabilities. Since this flaw is the entry point for exploiting the other three, the priority is to prevent attackers from exploiting it. Customers do not have to do anything for Defender to start protecting their servers from attackers, except install the latest security intelligence update if they have not enabled automatic updates.

However, the technology giant warns that this is only an interim mitigation meant to protect customers while they are in the midst of implementing the comprehensive security update for Exchange that it released earlier this month. While the original patches may be slightly complicated to implement, Microsoft has also released a “one-click” mitigation tool for small businesses that is relatively easier to use. The tool can mitigate known attacks that exploit CVE-2021-26855, scan Exchange servers, and attempt to reverse changes made by identified threats.

When Microsoft announced the patches for the Exchange vulnerabilities, it said that most of the attacks that exploited the flaws were carried out by a Chinese state-sponsored group called Hafnium. The group is believed to have infiltrated at least 30,000 organizations in the US, including police departments, hospitals, government agencies, banks and credit unions. Other groups may also have exploited the vulnerabilities, including the ransomware gang that reportedly demanded a $50 million ransom.
