Despite Microsoft's efforts, there are still thousands of internally deployed exchange servers that have not been patched, which are easy to be used by hackers to steal data and blackmail software attacks.
So far, Microsoft has released a comprehensive security update, one click temporary exchange on premises mitigation tool, which is suitable for current and unsupported versions of on premises exchange servers, and provides step-by-step guidance to help solve these attacks.
Now, Microsoft has taken additional measures to further protect those companies that are still in a weak position and have not yet implemented a complete security update.
The latest version of Microsoft defender antivirus software and system center Endpoint Protection software, after the latest security intelligence update, will now automatically deploy cve-2021-26855 on vulnerable exchange servers. If the customer has not turned on the automatic update, no other action is required except to ensure that the latest security intelligence update (build 1.333.747.0 or later) is installed.
However, this will not replace the security patch, but will protect the server until the patch is in place. Microsoft is going through aka.ms/exchangevulns Issue further guidance.