
Microsoft released emergency fixes for the security flaws on March 2 and warned that a state-sponsored threat group called Hafnium was actively exploiting the bugs. Since then, tens of thousands of organizations are suspected to have been attacked, and at least 10 other advanced persistent threat (APT) groups have jumped on the opportunity that slow or fragmented patching has provided.
A recent security intelligence update for Microsoft Defender Antivirus and System Center Endpoint Protection means that mitigations will be applied on vulnerable Exchange servers when the software is deployed, without any further input from users. According to the firm, Microsoft Defender Antivirus will automatically identify whether a server is vulnerable and apply the mitigation fix once per machine.
The article also points out that Microsoft released a one-click mitigation tool earlier this week, which is “still readily available as an alternative way to mitigate risk to vulnerable servers if IT admins do not have Defender Antivirus.”