Security News > 2021 > March > Microsoft Defender adds automatic Exchange ProxyLogon mitigation

Microsoft Defender adds automatic Exchange ProxyLogon mitigation
2021-03-19 11:40

Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability.

The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain.

"With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed," Microsoft added.

Microsoft has published ProxyLogon security updates for Microsoft Exchange Server 2019, 2016, and 2013, as well as step-by-step guidance to help address these ongoing attacks.

Redmond has also released a one-click Exchange On-Premises Mitigation Tool to help small business owners mitigate these actively exploited vulnerabilities in current and out-of-support versions of on-premises Exchange Servers.

Earlier this month, Microsoft disclosed that four zero-days were being used in attacks against Microsoft Exchange.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-defender-adds-automatic-exchange-proxylogon-mitigation/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-26855 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-918
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 703 780 4543 4591 3624 13538