Microsoft Defender now automatically mitigates a major issue used by Exchange attackers
Microsoft continues to address vulnerabilities utilized by Exchange Server attackers.
What you need to know
- Microsoft Defender now mitigates a vulnerability affecting Exchange servers.
- The tool specifically mitigates CVE-2021-26855, one of four issues utilized in the attacks on Exchange servers.
- Microsoft Defender will mitigate the issue automatically as long as automatic updates are turned on.
Microsoft continues to take steps to address vulnerabilities utilized by the recent attacks on its Exchange Server software. The company released emergency fixes on March 2 and released a one-click mitigation tool to reduce the risk of an attack on vulnerable servers. Now, Microsoft has updated Microsoft Defender to address a vulnerability.
Microsoft Defender Antivirus and System Center Endpoint Protection will now automatically mitigate one issue on vulnerable Exchange Servers. Microsoft outlines the step in a security blog post (via ZDNet):
Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. Customers do not need to take action beyond ensuring they have installed the latest security intelligence update (build 1.333.747.0 or newer), if they do not already have automatic updates turned on.
Specifically, Microsoft Defender automatically mitigates CVE-2021-26855, which is a severe vulnerability. It is one of four vulnerabilities related to the attack on Exchange servers.
Microsoft emphasizes that the Exchange security update is a better way to protect servers:
The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.
Recent reports state that threat actors are increasing their attacks on vulnerable servers. People who manage servers should check to see if their systems have been affected and take appropriate action to address any issues.
All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.
He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.
Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.
