New 0-day vulnerability found in Microsoft Exchange

Question

Hello,

yesterday someone bypassed zero-day mitigation for Exchange server from Friday.
https://www.bleepingcomputer.com/news/security/microsoft-exchange-server-zero-day-mitigation-can-be-bypassed/

Is there any official Microsoft announcement what to do next?
Can we delete rule and create new or modify rule...If rule is automatically created should we wait for Microsoft to update mitigation script....?

Answer 1

Hi @Andy

Take a look at the link here about: Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

---

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi,

AFAIK, there is no such release from Microsoft you will need to monitor and apply the advance hunting techniques and mitigation to prevent/protect your environment.

Detailed steps and information can be followed here , make sure you follow all the steps listed in this article:

Microsoft Defender Policies for Endpoint and Servers
Enable AV Scanning, Network Protection and others as per the guidance

analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082

If you have concerns I will suggest you to raise a support case with Microsoft.

Hope this helps.

==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.