Software bugs are often exploited to gain unauthorized access or privileges on a system. The way these vulnerabilities are exploited strongly depends on the nature of the flaw and the motives of the attacker. Vendors release patches, regularly to manage these complications. However, a new capability built-in Microsoft Defender antivirus will mitigate Exchange server vulnerabilities automatically.
Microsoft Defender manages Exchange server vulnerabilities automatically.
The Exchange security update continues to remain the most comprehensive way to protect customers’ servers from cyber threats and attacks. The new interim mitigation measure takes it a step further. It helps protect customers as they plan to implement the latest Exchange Cumulative Update for their version of Exchange.
we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed.
Microsoft Defender Antivirus will automatically scan a server for vulnerability and apply the mitigation fix once per machine Customers do not need to take action beyond ensuring they have installed the latest security intelligence update if they do not have the automatic updates enabled.
Although no cloud protection is required to receive the mitigation. Enabling it is good practice to keep a user with the most current protections against the ever-changing threat environment. As such, Microsoft encourages customers to enable cloud protection.
The company also highlighted in a statement that it would work with other vendors to provide similar features for its brand’s security products. It had also previously announced a one-click patching tool.
That’s all there is to it!
For more information, you can visit this Microsoft Security blog page.