Security News > 2021 > March > Microsoft Defender adds automatic Exchange ProxyLogon mitigation
Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability.
The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain.
"With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed," Microsoft added.
Microsoft has published ProxyLogon security updates for Microsoft Exchange Server 2019, 2016, and 2013, as well as step-by-step guidance to help address these ongoing attacks.
Redmond has also released a one-click Exchange On-Premises Mitigation Tool to help small business owners mitigate these actively exploited vulnerabilities in current and out-of-support versions of on-premises Exchange Servers.
Earlier this month, Microsoft disclosed that four zero-days were being used in attacks against Microsoft Exchange.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |