CVE-2023-21709
Download the latest release: CVE-2023-21709.ps1
The CVE-2023-21709.ps1 script can be used to address the Exchange Server vulnerability CVE-2023-21709 by removing the TokenCacheModule from IIS. It can also be used to restore a previously removed TokenCacheModule.
The script allows you to explicitly specify a subset of Exchange servers on which the TokenCacheModule should be removed or restored. It's also possible to exclude a subset of Exchange servers from the operation performed by the script.
Requirements
This script must be run as Administrator in Exchange Management Shell (EMS). The user must be a member of the Organization Management role group.
How To Run
Examples:
This syntax removes the TokenCacheModule from all Exchange servers within the organization.
.\CVE-2023-21709.ps1
This syntax removes the TokenCacheModule from ExchangeSrv01 and ExchangeSrv02.
.\CVE-2023-21709.ps1 -ExchangeServerNames ExchangeSrv01, ExchangeSrv02
This syntax removes the TokenCacheModule from all Exchange servers within the organization except ExchangeSrv02.
.\CVE-2023-21709.ps1 -SkipExchangeServerNames ExchangeSrv02
This syntax restores the TokenCacheModule on all Exchange servers within the organization.
.\CVE-2023-21709.ps1 -Rollback
Parameters
| Parameter | Description |
|---|---|
| ExchangeServerNames | A list of Exchange servers that you want to run the script against. This can be used for applying or rollback the CVE-2023-21709 configuration change. |
| SkipExchangeServerNames | A list of Exchange servers that you don't want to execute the TokenCacheModule configuration action. |
| Rollback | Switch parameter to rollback the CVE-2023-21709 configuration change and add the TokenCacheModule back to IIS. |
| ScriptUpdateOnly | Switch parameter to only update the script without performing any other actions. |
| SkipVersionCheck | Switch parameter to skip the automatic version check and script update. |