Microsoft announced this week that Defender Antivirus and System Center Endpoint Protection now provide automatic protection against attacks exploiting the recently disclosed ProxyLogon vulnerabilities in Microsoft Exchange.
“Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed.” reads the announcement published by Microsoft.
The IT giant early this month released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws, a week later the company released patches for unsupported Microsoft Exchange versions.
Microsoft reported that at least one China linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers to access email accounts, and install backdoors to maintain access to victim environments.
Microsoft also updated MSERT to detect web shells used in attacks against Microsoft Exchange installs, released IOC Detection Tool for Microsoft Exchange Server flaws, and released an Exchange On-premises Mitigation Tool (EOMT) tool to allow small businesses to quickly address the vulnerabilities exploited in the recent attacks.
Microsoft has now implemented the ProxyLogon protection in Defender Antivirus and System Center Endpoint Protection allowing to protect unpatched systems running its antimalware solution.
“Microsoft Defender Antivirus will automatically identify if a vulnerable version of Exchange Server is installed and apply the mitigations the first time the security intelligence update is deployed. The mitigation is deployed once per machine,” Microsoft added.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Microsoft Defender)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.