Microsoft is in damage control mode after revealing that cybercriminals were exploiting vulnerabilities in its Exchange Server. It has already deployed several patches to correct the flaws. Earlier this week, the company also updated Microsoft Defender Antivirus to mitigate the critical vulnerabilities.
The company said the update will automatically block CVE-2021-26855, one of the four vulnerabilities used for cyber attacks.
According to a report from Engadget, CVE-2021-26855 serves as the entry point. Blocking it would therefore make it difficult for cybercriminals to reach the other three vulnerabilities. Microsoft has noted that its customers do not need to act beyond ensuring that they have installed the latest version of the Intelligence Update (build 1.333.747.0 or newer) if automatic updates are not enabled.
The Exchange Security Update remains the most comprehensive way to protect your servers from these and other attacks resolved in previous releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest cumulative update of Exchange for their version of Exchange, the company said in a post.
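As an added example (not from Microsoft or the original article), the build check described above can be scripted on an Exchange host. The minimum build is the one quoted in the article; the function name `Test-DefenderExchangeMitigation` and its output fields are hypothetical.

```powershell
# Added example: verify the Defender build named in the article on this host.
# Function name and output fields are hypothetical; the minimum build is from the article.
function Test-DefenderExchangeMitigation {
    [CmdletBinding()]
    param(
        [version]$MinimumBuild = '1.333.747.0'
    )

    # Get-MpComputerStatus ships with the Defender PowerShell module on Windows.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        Write-Warning "Defender status unavailable: $($_.Exception.Message)"
        return
    }

    # Cast to [version] so each field is compared numerically; a plain string
    # comparison would rank '1.333.1000.0' below '1.333.747.0'.
    $installed = [version]$status.AntivirusSignatureVersion

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        AntivirusEnabled = $status.AntivirusEnabled
        InstalledBuild   = $installed
        MinimumBuild     = $MinimumBuild
        LastUpdated      = $status.AntivirusSignatureLastUpdated
        BuildIsCurrent   = $installed -ge $MinimumBuild
    }
}

$result = Test-DefenderExchangeMitigation
if ($result -and -not ($result.AntivirusEnabled -and $result.BuildIsCurrent)) {
    # Update-MpSignature fetches current definitions when automatic updates are off.
    Write-Warning 'Defender is disabled or below the required build; run Update-MpSignature and re-check.'
}
$result
```

A passing result only confirms the interim mitigation is present; the Exchange Security Update still has to be installed.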
Prior to the Defender Antivirus update, Microsoft released a one-click mitigation tool for small businesses. The tool is much easier to install for businesses, especially those without dedicated IT security teams.
According to Microsoft, the mitigation tool will help mitigate CVE-2021-26855 on any deployed Exchange server. Microsoft has warned that the tool is not an alternative to the Exchange Security Update, but is a faster and easier way to reduce risk to businesses on the platform.
Earlier this month, Microsoft revealed that cybercriminals were exploiting vulnerabilities in Microsoft Exchange servers to target organizations around the world. According to a Check Point report, the United States was the most attacked country with 17%, followed by Germany (6%) and the United Kingdom (5%). Businesses in India have also been targeted by criminals who have exploited Exchange Server. State-sponsored hackers are said to be the primary users of this vulnerability. The $50 million ransomware deal with Acer, however, suggests that other hacker groups are exploiting it as well.