Microsoft Defender Now Automatically Protects Against Zero-Day Vulnerability in Exchange Server

Microsoft continues to work to address recently discovered vulnerabilities in the Exchange Server used by cybercriminals to attack email accounts of organizations around the world. This time, changes were made to Microsoft Defender’s work, which now automatically removes one of the four zero-day vulnerabilities if it is found.

We are talking about CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Exchange, exploiting which allows you to send arbitrary HTTP requests and pass authentication. This is one of the four dangerous Exchange Server vulnerabilities that cybercriminals actively use to carry out attacks on different companies and organizations, so Microsoft recommends that users do not delay updating antivirus software.

“ Today, we took an extra step to support our customers who are still using vulnerable Exchange servers and did not have time to install the appropriate security patch. With the latest update, Microsoft Defender Antivirus and System Center Endpoint Protection automatically remediate CVE-2021-26855 on any affected Exchange server where they are deployed. Customers do not need to take any action other than checking that they are using the latest anti-virus software (build 1.333.747.0 or newer), ”Microsoft said in a statement.

The developers also note that the most reliable way to protect Exchange servers from malicious attacks through recently discovered vulnerabilities is to install cumulative updates for this software, which were released earlier this month.