MdLupine
Participant

Should we be expecting an IPS Blade update for CVE-2022-41040 and/or CVE-2022-41082 (Exchange 0-Day)


Should we be expecting an IPS Blade update for CVE-2022-41040 and/or CVE-2022-41082 (Exchange 0-Day)? If so, is there an ETA for them to be delivered?

1 Solution
6 Replies
MdLupine
Participant

Thanks! I actually was informed about this shortly after I posted, but then couldn't find my original post here to reply/remove.
Thanks again for the quick response and turnaround.

0 Kudos
PhoneBoy
Admin

See no reason to do that as this will likely save someone else from asking the same question 🙂

0 Kudos
Cyber_Serge
Collaborator

I'm curious: the article says "Check Point recommends activating HTTPS Inspection (in the Security Gateway / Cluster object properties > HTTPS Inspection view), as the attack payload may appear in encrypted or decrypted traffic."

Wouldn't that be a requirement instead of a recommendation, since the attack is input in the URL and cannot be seen from the header itself?

MdLupine
Participant

We're in a curious spot with that, ourselves. We've been striving to implement it but have been told it causes some instability and we cannot do so (yet). But I would agree with you that, for full protection against many modern threats, both inbound and outbound HTTPS inspection would be considered a mandatory scenario for any IPS to be fully effective.

0 Kudos
PhoneBoy
Admin

In general, the various Threat Prevention technologies will work better with HTTPS Inspection enabled.
It's possible that parts of the attack payload can be seen without decrypting the traffic.

0 Kudos