Microsoft Defender now automatically mitigates a major issue used by Exchange attackers

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft Defender now mitigates a vulnerability affecting Exchange servers.
  • The tool specifically mitigates CVE-2021-26855, one of four issues utilized in the attacks on Exchange servers.
  • Microsoft Defender will mitigate the issue automatically as long as automatic updates are turned on.

Microsoft continues to take steps to address vulnerabilities utilized by the recent attacks on its Exchange Server software. The company released emergency fixes on March 2 and released a one-click mitigation tool to reduce the risk of an attack on vulnerable servers. Now, Microsoft has updated Microsoft Defender to address a vulnerability.

Microsoft Defender Antivirus and System Center Endpoint Protection will now automatically mitigate one issue on vulnerable Exchange Servers. Microsoft outlines the step in a security blog post (via ZDNet):

Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. Customers do not need to take action beyond ensuring they have installed the latest security intelligence update (build 1.333.747.0 or newer), if they do not already have automatic updates turned on.

Specifically, Microsoft Defender automatically mitigates CVE-2021-26855, which is a severe vulnerability. It is one of four vulnerabilities related to the attack on Exchange servers.

Microsoft emphasizes that the Exchange security update is a better way to protect servers:

The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.

Recent reports state that threat actors are increasing their attacks on vulnerable servers. People who manage servers should check to see if their systems have been affected and take appropriate action to address any issues.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at