https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516437#M1751 <P>Currently, Palo Alto Networks is researching on the vulnerability. There's no signature available yet.</P> <P>&nbsp;</P> <P>For your reference: "A vulnerability/CVE is released; when will the vulnerability signature[IPS] be released? Why do some CVEs not have vulnerability signatures? What is default action?"<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAOnCAO" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAOnCAO</A></P> <P>&nbsp;</P> <P>When there's an update, I can share the status here.</P> Fri, 30 Sep 2022 05:29:53 GMT ymiyashita 2022-09-30T05:29:53Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516423#M1750 <P>According to below link Microsoft Exchange have expose to new vulnerability again . I am using Palo Alto firewall PAN-OS 9.1.14 may I know Palo Alto firewall is able to detect this vulnerability ? and where to check it since I do not have CVE number.&nbsp;</P> <P><A href="https://www.bleepingcomputer.com/news/security/new-microsoft-exchange-zero-day-actively-exploited-in-attacks/" target="_blank">New Microsoft Exchange zero-day actively exploited in attacks (bleepingcomputer.com)</A></P> <P>&nbsp;</P> <P><A href="https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html" target="_blank">Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | Blog | GTSC - Cung cấp các dịch vụ bảo mật toàn diện (gteltsc.vn)</A></P> Fri, 30 Sep 2022 03:09:21 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516423#M1750 JiaXiang 2022-09-30T03:09:21Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516437#M1751 <P>Currently, Palo Alto Networks is researching on the vulnerability. There's no signature available yet.</P> <P>&nbsp;</P> <P>For your reference: "A vulnerability/CVE is released; when will the vulnerability signature[IPS] be released? Why do some CVEs not have vulnerability signatures? What is default action?"<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAOnCAO" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAOnCAO</A></P> <P>&nbsp;</P> <P>When there's an update, I can share the status here.</P> Fri, 30 Sep 2022 05:29:53 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516437#M1751 ymiyashita 2022-09-30T05:29:53Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516503#M1753 <P>I check the portal site; however, nothing is public as of yet. Any update on the signature release?</P> Fri, 30 Sep 2022 20:54:08 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516503#M1753 Mikeya.Herbert 2022-09-30T20:54:08Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516575#M1755 <P>Here is the KB article for the vulnerabilities (CVE-2022-41040 and CVE-2022-41082). When there's an update on the signature coverage, the KB will also be updated.<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZK9CAM" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZK9CAM</A></P> <P>&nbsp;</P> Mon, 03 Oct 2022 00:19:06 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516575#M1755 ymiyashita 2022-10-03T00:19:06Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516824#M1756 <P>A signature (TID:91368) for CVE-2022-41040 was released in the content version 8624.<BR />Based on our research, blocking CVE-2022-41040 can be the mitigation of CVE-2022-41082.</P> <P>&nbsp;</P> <P>Unit42 also published a blog:<BR /><A href="https://unit42.paloaltonetworks.com/proxynotshell-cve-2022-41040-cve-2022-41082/" target="_blank">https://unit42.paloaltonetworks.com/proxynotshell-cve-2022-41040-cve-2022-41082/</A></P> <P>&nbsp;</P> Wed, 05 Oct 2022 02:08:59 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-exchange-zero-day-2022/m-p/516824#M1756 ymiyashita 2022-10-05T02:08:59Z