Building 92 at Microsoft’s headquarters in Redmond, Washington. (Coolcaesar via CC BY-SA 4.0)
Microsoft antivirus tools many users already have installed will now automatically mitigate a critical Exchange Server vulnerability, the lynchpin of several recent campaigns to breach on-premises servers.
On Thursday evening, Microsoft announced that up-to-date Microsoft Defender Antivirus and System Center Endpoint Protection will now automatically mitigate CVE-2021-26855, one of a chain of four vulnerabilities Microsoft has observed hackers exploiting in the wild. All four were patched earlier this month, and the comprehensive fix is still to install all of the patches, but hackers' current playbook uses CVE-2021-26855 to gain the initial foothold that the other three require. Blocking that one vulnerability snips the first link in the chain; it does not undo a compromise that happened before the mitigation was applied, so servers that were exposed while unpatched still need to be checked.
Microsoft said in a statement it would work with other vendors to provide similar features for other brands’ security products.
This is the latest effort from Microsoft to simplify the mitigation process for users who haven't yet patched their on-premises servers. Microsoft had previously released a one-click mitigation tool.
When Microsoft initially announced the vulnerabilities, it noted that a nation-state group operating out of China had already been exploiting them. Since that announcement, researchers have discovered several clusters of breaches on unpatched servers, including some attributed to apparent criminal groups.