Exchange 0-Day CVE-2022-41040 and CVE-2022-41082: how to check if rules include the mitigation?

There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March.

How can I check if the mitigation is already working with Snort or IPS rules?

It is also described (see "Temporary containment measures") how to create a rewrite rule to address the vulnerability until a patch becomes available.

Edited TAGs
[edited by: emmosophos at 11:16 PM (GMT -7) on 30 Sep 2022]