Microsoft Defender will automatically prevent Exchange server exploits

Microsoft has implemented one security measure after another since it discovered that attackers have been exploiting four zero-day flaws in Exchange Server. Its most recent step is to update Microsoft Defender Antivirus so that it automatically mitigates CVE-2021-26855, the most critical of the four vulnerabilities. Because that flaw serves as the entry point for exploiting the other three, preventing criminals from taking advantage of it is a priority. Customers don’t have to do anything to get Defender to start protecting their servers from attackers, other than installing the latest security intelligence update if they don’t have automatic updates enabled.

The tech giant warns, however, that this is only an interim mitigation designed to protect customers while they implement the comprehensive Exchange security update released earlier this month. While the original patches can be a little tricky to deploy, Microsoft has also launched a “one-click” mitigation tool for small businesses that is easier to use. The tool can mitigate known attacks that exploit CVE-2021-26855, scan Exchange servers, and attempt to reverse any changes made by the threats it identifies.

When Microsoft announced patches for the Exchange vulnerabilities, it said that most attacks exploiting the flaws were carried out by a Chinese state-sponsored group called Hafnium. The group is believed to have infiltrated at least 30,000 organizations in the United States, including police departments, hospitals, government agencies, banks and credit unions. Other groups may also have exploited the vulnerabilities, however, including the ransomware gang that allegedly stole data from Acer and is holding it hostage for $50 million.
