Microsoft Defender breaks the Exchange Server exploit attack chain


According to Microsoft, there is now another bright spot around the Exchange security hole. Defender can now automatically break the attack chain when Exchange Server exploits are attempted, thus protecting users worldwide.

This is reported by the online magazine Neowin. In the past few weeks, reports of attacks on Exchange servers have made the rounds. The actors probably come from circles close to the Chinese state. Since then, Microsoft has released several patches, tools, and guides to help protect customers from the vulnerabilities and the attackers.

Protection as of Microsoft Defender Antivirus version 1.333.747.0

Microsoft Defender now also helps by automatically mitigating some of the vulnerabilities. If you have Microsoft Defender Antivirus (Build 1.333.747.0 or higher) installed, you don't have to do anything else. As of this version, Defender automatically protects against the CVE-2021-26855 vulnerability on server instances.

According to Microsoft, this particular vulnerability is a "server-side request forgery (SSRF) vulnerability in Exchange that allows attackers to send arbitrary HTTP requests and authenticate themselves as an Exchange server". Defender detects this and blocks the requests once it has identified them. But you shouldn't rely on Defender alone. Microsoft emphasizes that the best way to protect against the latest exploits is still to apply the patches issued by the company.

Defender only blocks the attacks; it does not fix the underlying problem. It is only a temporary workaround that breaks the attack chain so that customers are protected until they have applied the cumulative updates.
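To check whether a server meets the build requirement mentioned above, the following added example (not code from Microsoft or Neowin) queries Defender on one or more hosts and compares the result with 1.333.747.0. It assumes the build number refers to the security intelligence version that `Get-MpComputerStatus` reports as `AntivirusSignatureVersion`; the function name and its `ComputerName` parameter are hypothetical.

```powershell
# Added example: report whether Defender on each host meets the build named in the article.
# Assumption: "Build 1.333.747.0" is the security intelligence version that
# Get-MpComputerStatus exposes as AntivirusSignatureVersion.
$RequiredBuild = [version]'1.333.747.0'

function Test-DefenderExchangeMitigation {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: Exchange servers to query; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            ComputerName     = $computer
            SignatureVersion = $null
            AntivirusEnabled = $null
            RealTimeEnabled  = $null
            MeetsBuild       = $false
            Error            = $null
        }
        try {
            $query = { Get-MpComputerStatus -ErrorAction Stop }
            $status = if ($computer -eq $env:COMPUTERNAME) {
                & $query
            } else {
                # Remote hosts need PowerShell remoting (WinRM) enabled.
                Invoke-Command -ComputerName $computer -ScriptBlock $query -ErrorAction Stop
            }
            $row.SignatureVersion = [version]$status.AntivirusSignatureVersion
            $row.AntivirusEnabled = $status.AntivirusEnabled
            $row.RealTimeEnabled  = $status.RealTimeProtectionEnabled
            # [version] compares field by field as numbers, so 1.333.1000.0 ranks
            # above 1.333.747.0 (a plain string comparison would get this wrong).
            $row.MeetsBuild = $row.SignatureVersion -ge $RequiredBuild
        } catch {
            # Defender cmdlets missing (e.g. third-party AV) or remote query failed.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

Test-DefenderExchangeMitigation | Format-Table -AutoSize
```

A row with `Error` set means the status could not be read on that host, so its `MeetsBuild` value of `False` says nothing about the installed build.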
