The Microsoft 365 Defender Team announced that the company has taken an additional step, Exchange On-Premises Mitigation Tool, for both current and out-of-support versions of on-premises Exchange Servers. With the new update, Microsoft Defend Antivirus automatically mitigates CVE-2021-26855 on any vulnerable Exchange Server. Users should install the latest security intelligence update if they do not already have automatic updates turned on.
Immediate mitigation for threats
Microsoft also stated that this interim mitigation is designed to protect customers while they take can implement the latest Exchange Cumulative Update. Microsoft Defender Antivirus automatically identifies vulnerable versions and applies the mitigations the first time the security intelligence update is deployed. The mitigation is deployed once per machine.
Automatic mitigation with Microsoft Defender basically scans the server and reverse changes made by known cyber threats. Customers that manage Microsoft Defender Antivirus definition updates need to select the new detection build, 1.333.747.0 or newer, and deploy that to the Exchange Server.