NOTABLY: if you add any Users to your Active Directory or Exchange, the default seems to be to allow remote PowerShell access (likely why all users seem to have this access).
Therefore, if you add a user to Active Directory or Exchange, you should probably also immediately disable their remote PowerShell access even after you've performed both mitigations. Currently, it seems, each new user is a new remote PowerShell attack vector.
Get-User -filter 'samaccountname -eq "{username of new user}"' | Set-User -RemotePowerShellEnabled $false
The_Exchange_Team (for whatever reason, can't @mention Nino anymore), is there any way to change the RemotePowerShellEnabled default to False?
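
An added example, not part of the comment above and not Microsoft's own script: a sweep, run from the Exchange Management Shell, that lists every account still holding remote PowerShell access and disables it for all but an allow-list. The `$KeepEnabled` names and the `-Apply` switch are assumptions of this example; allow-listed accounts stay enabled because administrators need remote PowerShell to open the Exchange Management Shell at all.

```powershell
# Added example: audit and disable remote PowerShell access in bulk.
# Save as a .ps1 and run from the Exchange Management Shell.
param(
    # Hypothetical allow-list of admin accounts (constructed sample names).
    [string[]]$KeepEnabled = @('exadmin1', 'exadmin2'),
    # Without -Apply the script only reports what it would change.
    [switch]$Apply
)

# Server-side filter: only accounts that still have remote PowerShell enabled.
$enabled = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true'

# Everything not on the allow-list is a candidate to disable.
$targets = @($enabled | Where-Object { $KeepEnabled -notcontains $_.SamAccountName })

# Newest accounts first, so recently added users (enabled by default,
# as described above) are the first thing you see in the review list.
$targets |
    Sort-Object WhenCreated -Descending |
    Select-Object SamAccountName, RecipientTypeDetails, WhenCreated |
    Format-Table -AutoSize

Write-Host ("{0} account(s) enabled, {1} to disable, {2} kept by allow-list" -f `
    @($enabled).Count, $targets.Count, (@($enabled).Count - $targets.Count))

foreach ($user in $targets) {
    # DistinguishedName is unambiguous even when SamAccountName is reused
    # across domains in the forest.
    Set-User -Identity $user.DistinguishedName `
             -RemotePowerShellEnabled $false `
             -WhatIf:(-not $Apply)
}
```

Running it on a schedule catches accounts created since the last sweep; run it once without `-Apply` first and check that every account you administer Exchange with is on the allow-list.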