Question: Does the NSE script already test for the latest bypass?

[certrik]

Hi,

does the script also test the latest bypass which was fixed on the 8th of October? https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

Thank you.

[certrik]

@CronUp @LuemmelSec Looking at https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9 payload_bypass3 = "/autodiscover/autodiscover.json?a..foo.var/owa/?&Email=autodiscover/autodiscover.json?a..foo.var&Protocol=XYZ&FooProtocol=%50owershell/autodiscover.json" would do the trick, if I am right.