Security News > 2021 > March > Microsoft Defender Antivirus Now Protects Users Against Ongoing Exchange Attacks
Microsoft informed customers on Thursday that Defender Antivirus and System Center Endpoint Protection now provide automatic protection against attacks exploiting the recently disclosed Exchange Server vulnerabilities.
Microsoft has released patches, detailed guidance, and a one-click mitigation tool to ensure that Exchange Server users are protected against attacks.
When Microsoft disclosed the flaws and announced patches in early March, it warned that a threat actor linked to China had been exploiting them in attacks.
On March 12, Microsoft reported that more than 80,000 Exchange servers had still not been updated.
As threat actors increasingly target these vulnerabilities, Microsoft has now decided to release a security intelligence update for Defender Antivirus and System Center Endpoint Protection which, according to the company, "breaks the attack chain by mitigating CVE-2021-26855," the first vulnerability exploited in the ProxyLogon chain.
"Microsoft Defender Antivirus will automatically identify if a vulnerable version of Exchange Server is installed and apply the mitigations the first time the security intelligence update is deployed. The mitigation is deployed once per machine," Microsoft explained.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |