Microsoft has been rolling out one security measure after another ever since it discovered that bad actors have been exploiting four zero—day flaws in Exchange Server. Its latest step is updating the Microsoft Defender Antivirus so that it automatically mitigates CVE-2021-26855, which is the most critical vulnerability among the four. Since it serves as the entry point to be able to exploit the three other flaws, preventing perpetrators from being able to take advantage of it takes priority. Customers don't need to do anything for Defender to start protecting their servers from attackers — that is, other than installing the latest security intelligence update if they don't have automatic updates turned on.
The tech giant warns, however, that this is just an interim mitigation meant to protect customers while they're in the midst of implementing the comprehensive security update for Exchange it released earlier this month. While the original patches could be a bit complicated to deploy, Microsoft has also released a "one-click" mitigation tool for small companies that's relatively easier use. The tool can mitigate against known attacks that exploit CEV-2021-26855, scan Exchange servers and attempt to reverse any changes made by the threats it identifies.
When Microsoft announced the patches for the Exchange vulnerabilities, it said most of the attacks that exploited the flaws were carried out by a Chinese state-sponsored group called Hafnium. It's believed that the group infiltrated at least 30,000 organizations in the US, including police departments, hospitals, government agencies, banks and credit unions. Other groups may have also exploited the vulnerabilities, though, including the ransomware gang that's reportedly holing Acer data hostage for $50 million.