Exchange 0-Day CVE-2022-41040 and CVE-2022-41082: how to check if rules include the mitigation?

There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March.

How can I check if the mitigation is already working with Snort or IPS rules?

https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html#:~:text=Temporary%20containment%20measures

It also describes (see "Temporary containment measures") how to create a rewrite rule to address the vulnerability until a patch becomes available.



Edited TAGs
[edited by: emmosophos at 11:16 PM (GMT -7) on 30 Sep 2022]