Update 11/8/2022: We have now released November 2022 Security Updates for Exchange Server. Please install those (or newer) updates to address vulnerabilities mentioned in this post. Mitigations are n...
Updated Nov 08, 2022
Version 17.0
Blog Post
2 MIN READ
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
Nino_Bilic
Microsoft
MicrosoftKen_Harrell1145 BB9193 DominicLanza And others who are asking about PowerShell access, here is what I can tell you:
The MSRC blog makes a suggestion "disable remote PowerShell access for non-admin users in your organization". This is because "CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker." If you then look at the CVE text, scroll all the way down to FAQ to read more about how this vulnerability could be exploited.
Generally speaking, this is about reducing the possible attack surface.
How to disable PS for on-premises: https://learn.microsoft.com/en-us/powershell/exchange/control-remote-powershell-access-to-exchange-servers
And - just because people are asking how to do it for Exchange Online accounts too (even though the MSRC blog has a statement that "Microsoft Exchange Online has detections and mitigations to protect customers") - that information is here: https://learn.microsoft.com/en-us/powershell/exchange/disable-access-to-exchange-online-powershell