In light of the plethora of cybercriminals who have attempted to attack unpatched on-premises versions of Exchange Server 2013, 2016 and 2019, Microsoft has stepped up its support to customers and partners to secure their environments and respond to associated incidents.
So far, the company has introduced a comprehensive security update, a detailed guide to help combat these attacks, and a one-click temporary Exchange mitigation tool for current and unsupported versions of on-premises Exchange servers. The security update comes with the recommendation to start patching with all Exchange servers connected or published to the Internet, as attackers exploit HTTPS web access.
For customers who have not yet implemented this upgrade and therefore remain at risk, Microsoft has released a security intelligence update, covering Microsoft Defender Antivirus and System Center Endpoint Protection, which will automatically defend against this threat, CVE-2021-26855, on any vulnerable Exchange server affected. To enable this feature, customers must either activate automatic updates or simply install the latest security intelligence update, 1.333.747.0.
In fact, this security intelligence update gives users time to implement the latest cumulative update for their Exchange version. In addition, Microsoft intends to work with its security partners to apply similar mitigations for their own products.
Microsoft customers who may be wondering whether the default setting for automatic definition updates is enough to cover this change just need to make sure they install Microsoft Defender Antivirus. At this point, the customer will be able to select and add the new detection version, 1.333.747.0 or higher.
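A check for the build named above, as an added example that is not from Microsoft or the original article: run on an Exchange server, it reads the installed security intelligence version with Get-MpComputerStatus and compares it with 1.333.747.0. The function name Test-DefenderMitigationBuild and its status strings are hypothetical.

```powershell
# Added example. The minimum build comes from the article; the function name
# and the status strings are hypothetical.
function Test-DefenderMitigationBuild {
    [CmdletBinding()]
    param(
        [version]$Minimum = '1.333.747.0',
        [switch]$UpdateIfOld   # try a signature update when the build is too old
    )

    $result = [ordered]@{
        Computer  = $env:COMPUTERNAME
        Status    = $null
        Installed = $null
        Minimum   = $Minimum
    }

    # The Defender cmdlets are absent where Defender Antivirus is not installed.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        $result.Status = 'DefenderCmdletsMissing'
        return [pscustomobject]$result
    }

    $state = Get-MpComputerStatus
    $installed = $null
    # TryParse avoids an exception when no signature version is reported.
    [void][version]::TryParse([string]$state.AntivirusSignatureVersion, [ref]$installed)

    if ($UpdateIfOld -and $installed -and $installed -lt $Minimum) {
        Update-MpSignature
        $state = Get-MpComputerStatus
        [void][version]::TryParse([string]$state.AntivirusSignatureVersion, [ref]$installed)
    }

    $result.Installed = $installed
    if (-not $state.AntivirusEnabled) {
        $result.Status = 'AntivirusDisabled'
    } elseif (-not $installed) {
        $result.Status = 'NoSignatureVersion'
    } elseif ($installed -lt $Minimum) {
        $result.Status = 'BuildTooOld'
    } else {
        $result.Status = 'OK'   # build is at or above the minimum
    }
    return [pscustomobject]$result
}

Test-DefenderMitigationBuild
```

A status of OK only means the installed build is at or above the minimum; the Exchange security update and cumulative update still have to be installed.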
That said, customers should always ensure that security updates are a top priority for their Exchange server, as many vulnerabilities may still appear. In the meantime, however, Microsoft will automatically detect vulnerable installed Exchange servers and implement all mitigation measures as soon as the customer deploys the security intelligence update. Each affected machine will receive this mitigation.
In addition, while cloud protection is not necessary to achieve this mitigation, such protection is still a useful security measure to protect business and user assets from all dynamic cyber threats. As a result, Microsoft encourages its customers to enable cloud protection for the type of cloud environment their business is using.
Finally, customers who do not yet have Microsoft Defender Antivirus can start by downloading the one-click Microsoft Exchange on-premises mitigation tool and immediately running it on their Exchange servers. For those who already use Microsoft Safety Scanner, that tool and the mitigation tool can be used in unison.