There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March.
How can I check if the mitigation is already working with Snort or IPS rules?
There is also a description (see "Temporary containment measures") of how to create a rewrite rule to address the vulnerability until a patch becomes available.
You should closely monitor your Exchange with an XDR solution for compromise. Currently there is too much fog around these attacks.
Microsoft have been through triage now, and issued CVE-2022-41040 and CVE-2022-41082. These are two new zero day vulnerabilities in Exchange. It appears the ProxyShell patches from early 2021 did not fix the issue.
source: https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9
IPS Signatures have not yet been updated (2022-09-30 11.00 AM CET): docs.sophos.com/.../index.html
Temporary solution: thehackernews.com/.../microsoft-confirms-2-new-exchange-zero.html