Microsoft Defender Antivirus Now Automatically Mitigates Exchange Server Vulnerabilities (zdnet.com)
"Microsoft has implemented an automatic mitigation tool within Defender Antivirus to tackle critical vulnerabilities in Exchange Server," reports ZDNet:
On March 18, the Redmond giant said the software will automatically mitigate CVE-2021-26855, a severe vulnerability that is being actively exploited in the wild. This vulnerability is one of four that can be used in a wider attack chain to compromise on-premise Exchange servers.
Microsoft released emergency fixes for the security flaws on March 2 and warned that a state-sponsored threat group called Hafnium was actively exploiting the bugs, and since then, tens of thousands of organizations are suspected to have been attacked. At least 10 other advanced persistent threat (APT) groups have jumped on the opportunity slow or fragmented patching has provided.
The implementation of a recent security intelligence update for Microsoft Defender Antivirus and System Center Endpoint Protection means that mitigations will be applied on vulnerable Exchange servers when the software is deployed, without any further input from users. According to the firm, Microsoft Defender Antivirus will automatically identify if a server is vulnerable and apply the mitigation fix once per machine.
The article also points out that Microsoft released a one-click mitigation tool earlier this week, which is "still readily available as an alternative way to mitigate risk to vulnerable servers if IT admins do not have Defender Antivirus."
Too late? (Score:3)
Re: (Score:3)
The ones that crashed too often for the exploit to complete running, maybe?
In other news, guess what also mitigates it? (Score:1)
Postfix / Dovecot
Far more secure, far more reliable, and far cheaper.
Also happens to be fully SMTP and IMAP compliant.
Re:In other news, guess what also mitigates it? (Score:4, Interesting)
Re: (Score:2)
The problem is not that any server has bugs, it's the fact that it seems that Exchange is so broken that they can't fix it and need to use software outside of the server subsystem to shield the server from the exploit. That is sort of like having a hole in your tire, and you solve it by adding an air pump that continuously inflates the tire to mitigate the hole rather than fixing the tire.
Oh, and by the way, there are a number of Linux Distros that will automatically install security patches, and virtually *al
Re: In other news, guess what also mitigates it? (Score:2)
They _do_ have a system for deploying security fixes. It's called Windows Defender. :facepalm:
Re: (Score:1)
Re: (Score:2)
Far more secure
Anyone saying that tends to automatically lose credibility.
He wo hitte, shiri tsubome (Score:3, Funny)
Why aren't we getting mail? (Score:3, Interesting)
Oh, because Defender automatically disabled things Exchange needs to operate properly because they've been classed as "vulnerabilities"!
typical (Score:2)
so, instead of doing something about the root causes (shoddy software that has too many privileges), they are using this to push another product in order to take hold of another market (AV software)?
So typical. MS doesn't change.
Re: (Score:2)
The market for AV software was one Microsoft created originally with their swiss cheese software. And frankly, it sucked, AV products were either intrusive and resource draining or they were ineffective, and often both.
IMHO, Microsoft "taking hold" of the AV market has the upside that Microsoft now is dealing internally with their own security issues and it might lead down the line to their software generally being more secure, since it's in their best interest to need less AV mitigation.
Re: (Score:2)
I would give something for such naive views of the world, it's probably easier and more comfortable.
If MS wanted to deal with security issues internally, they've had plenty of time, enough resources to do it and several major OS releases to roll it out. The fact that they didn't means they are either incompetent, unwilling, or both.
Scalping the AV market with their own solution is a bit like a car company selling cars with shitty tires for twenty years and then when a well-established tire market has devel
Re: (Score:2)
Security in the computer industry as a whole has been a running trainwreck for 30 years. Microsoft has always prioritized backwards compatibility over pretty much everything else, except the last 5-10 years when they tried to mimic Apple with their mobile ambitions and touch-oriented UI overhaul.
Plus they've more or less been a monopoly (or close enough) that responsiveness to security hasn't been significant enough to move the needle on actual security improvements. And it's not like their customers aband
Simple Question (Score:2)
How can a piece of code nearly as old as MS-DOS itself still have enough unpatched vulnerabilities after all these years serious enough that it requires even more potentially-vulnerable code to “automatically mitigate” even more presumably unknown vulnerabilities in the “monitored” code?
Amazing, Microsoft ! (Score:1)