Skip to content

CVE-2023-21709

Download the latest release: CVE-2023-21709.ps1

The CVE-2023-21709.ps1 script can be used to address the Exchange Server vulnerability CVE-2023-21709 by removing the TokenCacheModule from IIS. It can also be used to restore a previously removed TokenCacheModule. The script allows you to explicitly specify a subset of Exchange servers on which the TokenCacheModule should be removed or restored. It's also possible to exclude a subset of Exchange servers from the operation performed by the script.

Requirements

This script must be run as Administrator in Exchange Management Shell (EMS). The user must be a member of the Organization Management role group.

How To Run

Examples:

This syntax removes the TokenCacheModule from all Exchange servers within the organization.

.\CVE-2023-21709.ps1

This syntax removes the TokenCacheModule from ExchangeSrv01 and ExchangeSrv02.

.\CVE-2023-21709.ps1 -ExchangeServerNames ExchangeSrv01, ExchangeSrv02

This syntax removes the TokenCacheModule from all Exchange servers within the organization except ExchangeSrv02.

.\CVE-2023-21709.ps1 -SkipExchangeServerNames ExchangeSrv02

This syntax restores the TokenCacheModule on all Exchange servers within the organization.

.\CVE-2023-21709.ps1 -Rollback

Parameters

Parameter Description
ExchangeServerNames A list of Exchange servers that you want to run the script against. This can be used for applying or rollback the CVE-2023-21709 configuration change.
SkipExchangeServerNames A list of Exchange servers that you don't want to execute the TokenCacheModule configuration action.
Rollback Switch parameter to rollback the CVE-2023-21709 configuration change and add the TokenCacheModule back to IIS.
ScriptUpdateOnly Switch parameter to only update the script without performing any other actions.
SkipVersionCheck Switch parameter to skip the automatic version check and script update.

Last update: January 9, 2023