New 0-day vulnerability found in Microsoft Exchange

fsdg 986 Reputation points
2022-10-04T08:49:59.94+00:00

Hello,

Yesterday someone bypassed the zero-day mitigation for Exchange Server from Friday.
https://www.bleepingcomputer.com/news/security/microsoft-exchange-server-zero-day-mitigation-can-be-bypassed/

Is there any official Microsoft announcement on what to do next?
Can we delete the rule and create a new one, or modify the rule? If the rule is automatically created, should we wait for Microsoft to update the mitigation script?


Accepted answer
  1. Joyce Shen - MSFT 16,646 Reputation points
    2022-10-05T05:57:45.69+00:00

    Hi @fsdg

    Take a look at the link here about: Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server


    1 person found this answer helpful.

1 additional answer

  1. JimmySalian-2011 41,926 Reputation points
    2022-10-04T09:21:59.923+00:00

    Hi,

    AFAIK, there is no such release from Microsoft; you will need to monitor and apply the advanced hunting techniques and mitigations to prevent/protect your environment.

    Detailed steps and information can be followed here; make sure you follow all the steps listed in this article:

    Microsoft Defender Policies for Endpoint and Servers
    Enable AV Scanning, Network Protection and others as per the guidance

    analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082

    If you have concerns, I suggest you raise a support case with Microsoft.

    Hope this helps.


    1 person found this answer helpful.