Microsoft continues to roll out fixes to the Exchange Server vulnerabilities and help customers protect their environment, this time with a security intelligence update to Microsoft Defender and Antivirus.
According to Microsoft, the new update will automatically mitigate CVE-2021-26855, a remote code execution vulnerability that’s part of an attack chain that allows an unauthorized user to gain access to an organization’s Exchange Server and maintain a persistent presence. Microsoft first disclosed the vulnerabilities earlier this month, initially attributing the attacks to a Chinese nation-state threat actor.
Specifically, the vulnerability automatically detected by Defender “is a server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server,” according to Microsoft.
With the new update for Microsoft Defender, customers will not need to take action beyond making sure they have the latest security intelligence update installed. However, the Exchange security update that the company released when it disclosed the vulnerabilities is still the most comprehensive way to protect servers from these attacks and mitigate the other three vulnerabilities.
“This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange,” Microsoft said in a new security blog.
The company said it will also provide guidance to its security partners so they can make similar mitigations available to their customers.
According to Microsoft, this automatic mitigation breaks the attack chain by mitigating the main vulnerability that allows access in the first place, but customers still need to apply the Exchange Server security updates.
This comes after Microsoft released a one-click mitigation tool and updates for previous versions of Exchange Server in recent days and weeks.
Continue to stay up to date on this story and check Microsoft’s Security Response Center blog for more information.