REDMOND, Wash.–Microsoft has been rolling out a series of security measures in response to the discovery scammers had exploited four zero-day flaws in its Exchange Server.
The vulnerability has reportedly affected some credit unions that have yet to be identified, as CUToday.info reported here.
Microsoft’s latest step is to update the Microsoft Defender Antivirus so that it automatically mitigates CVE-2021-26855, which is the most critical vulnerability among the four, according to Yahoo.
“Since it serves as the entry point to be able to exploit the three other flaws, preventing perpetrators from being able to take advantage of it takes priority,” Yahoo reported. “Customers don't need to do anything for Defender to start protecting their servers from attackers — that is, other than installing the latest security intelligence update if they don't have automatic updates turned on.”
An Interim Step
The report notes, however, that this is just an interim mitigation meant to protect customers while they're in the midst of implementing the comprehensive security update for Exchange it released earlier this month.
“While the original patches could be a bit complicated to deploy, Microsoft has also released a "one-click" mitigation tool for small companies that's relatively easier use,” Yahoo reported. “The tool can mitigate against known attacks that exploit CEV-2021-26855, scan Exchange servers and attempt to reverse any changes made by the threats it identifies.”
China Allegedly Behind Attacks
As CUToday.info reported, the attacks on the Microsoft server have reportedly been carried out by a Chinese state-sponsored group called Hafnium. It's believed that the group infiltrated at least 30,000 organizations in the US, including police departments, hospitals, government agencies, banks and credit unions.