Cybercriminals have been exploiting unpatched on-premises versions of Exchange Server 2013, 2016 and 2019 in a recent series of cyberattacks.So far, Microsoft has released a comprehensive security update, a one-click interim Exchange On-Premises Mitigation Tool and step-by-step guidance to help organizations address these attacks.
Now though, the software giant has taken an additional step by configuring Microsoft Defender Antivirus and System Center Endpoint Protection to automatically protect against attacks on vulnerable Exchange Servers. The only thing customers need to do is to ensure they have the latest security intelligence update installed if they don’t already have automatic updates turned on.
While Microsoft has added additional protection to its antivirus and endpoint protection software to mitigate this growing threat, the company pointed out in a new blog post that the Exchange security update is still the most comprehensive way to protect vulnerable servers from these attacks.
Additionally, organizations using Exchange Servers will still need to install the security update even after this mitigation.
Microsoft’s interim mitigation is mainly designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.
If you haven’t installed the latest security update for Exchange, now is the time to do so as cybercriminals have begun to exploit the zero-day vulnerabilities discovered in Microsoft Exchange email server to deliver ransomware to organizations running vulnerable versions of Exchange.