Microsoft has assigned the following identifiers to these two vulnerabilities: CVE-2022-41040 flaw could only be exploited by authenticated attackers. Successful exploitation then allows them to trigger the CVE-2022-41082 RCE vulnerability.
Until the official update is released, the following measures can be used to detect and reduce the potential risk: "The current mitigation is to add a blocking rule in "IIS Manager -> Default Web Site -> Autodiscover -> URL Rewrite -> Actions" to block the known attack patterns."
1. Open the IIS Manager.
2. Expand the Default Web Site.
3. Select Autodiscover.
4. In the Feature View, click URL Rewrite.
5. In the Actions pane on the right-hand side, click Add Rules.
6. Select Request Blocking and click OK.
7. Add the string ".*autodiscover\.json.*\@.*Powershell.*" (excluding quotes) and click OK.
8. Expand the rule, select the rule with the pattern ".*autodiscover\.json.*\@.*Powershell.*" and click Edit under Conditions.
9. Change the condition input from {URL} to {REQUEST_URI}.
10. Block ports HTTP:5985 and HTTPS:5986.
11. To check whether a server has been compromised, use the following PowerShell command to scan the IIS log files:

    c:\> Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200'

@MasoudOstadChannel
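
A field-aware variant of the log scan in step 11, as an added example that is not part of the original post: it looks for the same request tokens on each line but compares the sc-status column exactly, so a 200 that appears only in another column (such as time-taken) is not reported. The function name, the constructed sample log lines and the assumption that the logs carry a W3C "#Fields:" header are this example's own.

```powershell
# Added example, not from the original post.
# Assumption: IIS logs are in W3C extended format with a "#Fields:" header line.
function Find-AutodiscoverPowershellHits {
    param([string[]]$Lines)

    $fields = @()
    foreach ($line in $Lines) {
        if ($line.StartsWith('#Fields:')) {
            # Column layout can differ between files, so re-read it at every header.
            $fields = @($line.Substring(8).Trim() -split ' ')
            continue
        }
        if ($line.StartsWith('#') -or $fields.Count -eq 0) { continue }

        $values = $line -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # truncated or malformed row

        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        # Same tokens as the pattern in step 11; the status is read from its own column.
        if ($line -match 'powershell.*autodiscover\.json.*\@' -and $row['sc-status'] -eq '200') {
            [pscustomobject]@{
                Date     = $row['date']
                Time     = $row['time']
                ClientIp = $row['c-ip']
                Status   = $row['sc-status']
                Line     = $line
            }
        }
    }
}

# Constructed sample lines (not captured traffic): the second row has status 401
# and a time-taken of 200, which the plain one-line pattern would also match.
$sample = @(
    '#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken'
    '2022-10-01 08:00:01 POST /powershell/ autodiscover.json@placeholder.invalid 203.0.113.7 200 15'
    '2022-10-01 08:00:02 POST /powershell/ autodiscover.json@placeholder.invalid 203.0.113.7 401 200'
    '2022-10-01 08:00:03 GET /owa/ - 198.51.100.9 200 31'
)
Find-AutodiscoverPowershellHits -Lines $sample | Format-Table Date, Time, ClientIp, Status

# Against real logs, pass each file's content, for example:
#   Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter '*.log' |
#       ForEach-Object { Find-AutodiscoverPowershellHits -Lines (Get-Content $_.FullName) }
```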