Exchange Zero days are very common these days and there is a freshly baked one today (30th September 2022 as of writing). If you want to know what how the vulnerabilities work, take a look at the reference at the bottom. As a sysadmin I care about securing my systems.

Here are a few steps to mitigate this zero day vulnerability:

In IIS Manager on the Exchange Server, select the Autodiscover virtual directory and open URL Rewrite and add a new rule.

Select Request Blocking

Enter the string

.*autodiscover\.json.*\@.*Powershell.*

Using should be changed to Regular Expression.

Change URL to REQUEST_URI and save the changes.

References:

https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/