New Sophos Support Phone Numbers in Effect July 1st, 2023

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange 0-Day CVE-2022–41040 and CVE-2022–41082, how to check if rules are including the mitigation?

There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March.

How can I check if the mitigation is already working with Snort or IPS rules?

https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html#:~:text=Temporary%20containment%20measures

There is also written (see  "Temporary containment measures") how to create a rewrite rule to address the vulnerability, until a patch becomes available.



This thread was automatically locked due to age.
Parents Reply
  • Why is that not mentioned in the IPS Signature Release Note V9.19.68?

     
    SFVH (SFOS 19.5.2 MR-2-Build624)  - Last (re)boot on May 10 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
Children
No Data