CVE-2023-21709
Download the latest release: CVE-2023-21709.ps1
The CVE-2023-21709.ps1
script can be used to address the Exchange Server vulnerability CVE-2023-21709
by removing the TokenCacheModule
from IIS. It can also be used to restore a previously removed TokenCacheModule
.
The script allows you to explicitly specify a subset of Exchange servers on which the TokenCacheModule
should be removed or restored. It's also possible to exclude a subset of Exchange servers from the operation performed by the script.
Requirements
This script must be run as Administrator in Exchange Management Shell (EMS)
. The user must be a member of the Organization Management
role group.
How To Run
Examples:
This syntax removes the TokenCacheModule
from all Exchange servers within the organization.
.\CVE-2023-21709.ps1
This syntax removes the TokenCacheModule
from ExchangeSrv01
and ExchangeSrv02
.
.\CVE-2023-21709.ps1 -ExchangeServerNames ExchangeSrv01, ExchangeSrv02
This syntax removes the TokenCacheModule
from all Exchange servers within the organization except ExchangeSrv02
.
.\CVE-2023-21709.ps1 -SkipExchangeServerNames ExchangeSrv02
This syntax restores the TokenCacheModule
on all Exchange servers within the organization.
.\CVE-2023-21709.ps1 -Rollback
Parameters
Parameter | Description |
---|---|
ExchangeServerNames | A list of Exchange servers that you want to run the script against. This can be used for applying or rollback the CVE-2023-21709 configuration change. |
SkipExchangeServerNames | A list of Exchange servers that you don't want to execute the TokenCacheModule configuration action. |
Rollback | Switch parameter to rollback the CVE-2023-21709 configuration change and add the TokenCacheModule back to IIS. |
ScriptUpdateOnly | Switch parameter to only update the script without performing any other actions. |
SkipVersionCheck | Switch parameter to skip the automatic version check and script update. |