Exchange 0-Day CVE-2022–41040 and CVE-2022–41082, how to check if rules are including the mitigation?

TrendMicro has already their signatures adjusted since 2 days, I could imagine Snort has too, but where to look for?

You can search the IPS database in the webadmin. All signatures are there. 

The question is, will IPS pick up the attack or not. 

See: twitter.com/.../1575628998712774656

as Sophos X Ops team is also referring to the article and mitigation I posted it seems the rewrite rule should be the 1st line of defense, and everybody should have this done.

That does not answer my question regarding Snort. How could I check those?

I would start to monitor the exchange with XDR tools for IoCs and unusual activities. 

You can see all signatures here: 

Microsoft have been through triage now, and issued CVE-2022–41040 and CVE-2022–41082. These are two new zero day vulnerabilities in Exchange. It appears the ProxyShell patches from early 2021 did not fix the issue.

source: https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9

IPS Signatures have not yet been updated (2022-09-30 11.00 AM CET): docs.sophos.com/.../index.html

Temporary solution: thehackernews.com/.../microsoft-confirms-2-new-exchange-zero.html