Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers’ activities
2021-03-19 12:07

Microsoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security Agency has released CHIRP, a forensic tool that can help defenders find IoCs associated with the SolarWinds attackers' activities.

Microsoft is determined to do everything in its power to make as many Exchange Servers as possible safe from attacks that begin with the exploitation of ProxyLogon, the vulnerability recently leveraged by attackers to breach on-premises Microsoft Exchange Servers around the world.

"With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. Customers do not need to take action beyond ensuring they have installed the latest security intelligence update, if they do not already have automatic updates turned on," the Microsoft 365 Defender Team explained.

The company notes that both the security intelligence update and the one-click mitigation tool only mitigate CVE-2021-26855, not the other vulnerabilities exploited in the escalating attacks on Exchange servers, so "Customers should still prioritize getting current on security updates for Exchange Server to comprehensively address the vulnerabilities."
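Because the article makes the mitigation conditional on the host running the latest security intelligence update, the practical check for a defender is whether Defender's signatures on each Exchange server are actually fresh and whether real-time protection is on. The following PowerShell is an added example, not code from the article or from Microsoft; it uses the documented Get-MpComputerStatus and Update-MpSignature cmdlets, and the one-day staleness threshold and the Exsetup.exe build lookup are assumptions (the article does not state which signature version introduced the mitigation, so no version number is hard-coded).

```powershell
# Added example (not from the article or Microsoft): verify that Microsoft Defender
# Antivirus on an Exchange host is running a recent security intelligence update,
# since the CVE-2021-26855 mitigation described in the article ships through that update.
# Run in an elevated PowerShell session on the Exchange server.

function Test-DefenderSignatureFreshness {
    param(
        # Assumed threshold: signatures older than this are treated as stale.
        [int]$MaxAgeDays = 1
    )
    $status = Get-MpComputerStatus
    $age    = (Get-Date) - $status.AntivirusSignatureLastUpdated

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        AntivirusEnabled          = $status.AntivirusEnabled
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        SignatureVersion          = $status.AntivirusSignatureVersion
        SignatureLastUpdated      = $status.AntivirusSignatureLastUpdated
        SignatureAgeHours         = [math]::Round($age.TotalHours, 1)
        # "Current" means AV is enabled and the signature set is within the age limit.
        IsCurrent                 = ($status.AntivirusEnabled -and $age.TotalDays -le $MaxAgeDays)
    }
}

$result = Test-DefenderSignatureFreshness
$result | Format-List

if (-not $result.IsCurrent) {
    Write-Warning "Security intelligence is stale or Defender AV is disabled; pulling the latest update."
    Update-MpSignature
    # Re-check after the update so the operator sees the new signature version.
    Test-DefenderSignatureFreshness | Format-List
}

# The signature update only mitigates CVE-2021-26855. Record the installed Exchange build
# (Exsetup.exe's product version) so it can be compared with Microsoft's list of patched
# builds separately; no build numbers are hard-coded because the article does not give them.
$exsetup = Get-Command Exsetup.exe -ErrorAction SilentlyContinue
if ($exsetup) {
    "Exchange build: $($exsetup.FileVersionInfo.ProductVersion)"
} else {
    Write-Warning "Exsetup.exe not found in PATH; run this on the Exchange server itself."
}
```

Run it on every on-premises Exchange server in scope; a host where IsCurrent is false has not received the mitigation described above, and a host where it is true is still only mitigated against CVE-2021-26855 and needs the cumulative Exchange security updates for the remaining vulnerabilities.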

Detect IoCs associated with SolarWinds attackers' activities

Persistence mechanisms identified as associated with the SolarWinds attackers' efforts.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/jgxRW3AQTp4/

Related Vulnerability

DATE: 2021-03-03
CVE: CVE-2021-26855
VULNERABILITY TITLE: Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 (Microsoft Exchange Server Remote Code Execution Vulnerability)
RISK: network attack vector, low complexity, vendor microsoft, CWE-918, critical, score 9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265