CVE-2023-21709

Download the latest release: CVE-2023-21709.ps1

Note

Microsoft has released the Windows Server October 2023 security update to address the TokenCacheModule vulnerability. While the script can still be used to mitigate the vulnerability, the recommended solution is to install the Windows Server October 2023 (or later) security update instead. The update and more information can be found here: CVE-2023-36434

The CVE-2023-21709.ps1 script can be used to mitigate the CVE-2023-21709 and CVE-2023-36434 vulnerabilities by removing the TokenCacheModule from IIS. It can also be used to restore a previously removed TokenCacheModule.

Note

The script doesn't perform any check if the Windows Server October 2023 (or later) security update has been installed before restoring the TokenCacheModule. Make sure to install the update before restoring the module.

The script allows you to explicitly specify a subset of Exchange servers on which the TokenCacheModule should be removed or restored. It's also possible to exclude a subset of Exchange servers from the operation performed by the script.

Requirements

This script must be run as Administrator in Exchange Management Shell (EMS). The user must be a member of the Organization Management role group.

How To Run

Examples:

This syntax removes the TokenCacheModule from all Exchange servers within the organization.

.\CVE-2023-21709.ps1

This syntax removes the TokenCacheModule from ExchangeSrv01 and ExchangeSrv02.

.\CVE-2023-21709.ps1 -ExchangeServerNames ExchangeSrv01, ExchangeSrv02

This syntax removes the TokenCacheModule from all Exchange servers within the organization except ExchangeSrv02.

.\CVE-2023-21709.ps1 -SkipExchangeServerNames ExchangeSrv02

This syntax restores the TokenCacheModule on all Exchange servers within the organization.

.\CVE-2023-21709.ps1 -Rollback

Parameters

| Parameter | Description |
|---|---|
| ExchangeServerNames | A list of Exchange servers that you want to run the script against. This can be used for applying or rolling back the CVE-2023-21709 configuration change. |
| SkipExchangeServerNames | A list of Exchange servers on which you don't want to execute the TokenCacheModule configuration action. |
| Rollback | Switch parameter to roll back the CVE-2023-21709 configuration change and add the TokenCacheModule back to IIS. |
| ScriptUpdateOnly | Switch parameter to only update the script without performing any other actions. |
| SkipVersionCheck | Switch parameter to skip the automatic version check and script update. |
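The following is an added verification example, not part of the CVE-2023-21709.ps1 script: it audits the same server selection the script supports (all Exchange servers, or an explicit include/exclude list) and reports whether the IIS TokenCacheModule is still loaded and whether the security update is present, which covers the check the script itself does not perform before a rollback. It assumes Exchange Management Shell, PowerShell remoting to each server, and the WebAdministration module on the targets; the KB number is a placeholder to be filled in for the target OS version.

```powershell
# Added example (not part of CVE-2023-21709.ps1): report TokenCacheModule state
# and update presence per Exchange server, honoring include/exclude lists.
function Get-TokenCacheModuleState {
    [CmdletBinding()]
    param(
        [string[]]$ExchangeServerNames,
        [string[]]$SkipExchangeServerNames = @(),
        # Placeholder: the KB id of the Windows Server October 2023 (or later)
        # security update for the target OS version.
        [string]$RequiredHotFixId = 'KB<PLACEHOLDER>'
    )

    # Default to every Exchange server in the organization, then apply exclusions
    if (-not $ExchangeServerNames) {
        $ExchangeServerNames = (Get-ExchangeServer).Name
    }
    $targets = $ExchangeServerNames | Where-Object { $SkipExchangeServerNames -notcontains $_ }

    foreach ($server in $targets) {
        Invoke-Command -ComputerName $server -ArgumentList $RequiredHotFixId -ScriptBlock {
            param($kb)
            Import-Module WebAdministration
            # A present global module means the mitigation is not applied (or was rolled back)
            $module = Get-WebGlobalModule -Name 'TokenCacheModule' -ErrorAction SilentlyContinue
            $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Server                 = $env:COMPUTERNAME
                TokenCacheModuleLoaded = [bool]$module
                ModuleImage            = if ($module) { $module.Image } else { $null }
                UpdateInstalled        = [bool]$hotfix
                # Restoring the module is only appropriate once the update is installed
                SafeToRollback         = [bool]$hotfix
            }
        }
    }
}

# Usage (constructed server name): audit every server except ExchangeSrv02
Get-TokenCacheModuleState -SkipExchangeServerNames ExchangeSrv02 |
    Format-Table Server, TokenCacheModuleLoaded, UpdateInstalled, SafeToRollback
```

Servers reporting TokenCacheModuleLoaded = True after the script has been run still need attention, and a rollback should only be performed where SafeToRollback is True.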