diff --git a/cves/2021/CVE-2021-28480.yaml b/cves/2021/CVE-2021-28480.yaml
index 50f6242902..d51d5da215 100644
--- a/cves/2021/CVE-2021-28480.yaml
+++ b/cves/2021/CVE-2021-28480.yaml
@@ -6,7 +6,9 @@ info:
 severity: critical
 description: CVE-2021-28480 & CVE-2021-28481 received a CVSS score of 9.8 which is remarkably high. Both of these have 'Network' as attack vector, which means the attack can be executed remotely and the exploit might potentially be wormable.
 tags: cve,cve2021,rce,exchange
- reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28480
+ reference: |
+ - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28480
+ - https://khonggianmang.vn/check-proxynotfound/en
 requests:
 - raw:
@@ -23,8 +25,7 @@ requests:
 regex:
 - "NTLM .+"
 part: header
- condition: and
- - type: status
- status:
- - 401
+ - type: dsl
+ dsl:
+ - "contains(tolower(all_headers), 'www-authenticate') && status_code == 401"
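Review bot: The two matchers in the second hunk are not tied to the same header line: the new dsl expression only checks that the string `www-authenticate` occurs somewhere in `all_headers`, while the regex `"NTLM .+"` can match any header, so a 401 that carries NTLM text in an unrelated header would still be reported at critical severity. Anchoring the regex to the header, for example `- "(?i)www-authenticate: NTLM .+"`, and keeping the plain `status` matcher for 401 would be both stricter and easier to read than the dsl line. The `matchers-condition` key sits outside this hunk; if it is not set to `and`, either matcher alone would fire, so that should be confirmed before merging. A one-line comment above the matchers stating why a 401 with an NTLM challenge is treated as the vulnerable state would help whoever triages the findings.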