Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
SUs are available in a self-extracting auto-elev...
Updated May 08, 2023
Version 22.0
Blog Post
Brent Berwick the "N" is set that way for all rows.. We need to manually change that to "y" for any rows that we deem worthy of cleaning up with the script. We then point the script to the updated CSV file when using the script in Cleanup mode. I missed these instructions too, but they are in fact on the main github.io page for the script
Cleanup Mode:
The script provides a list of all the messages containing the problematic property in the mailboxes of users specified in an AuditResult_timestamp.CSV file. Admins should analyze this file and mark (with a "Y") messages for which either the property is to be cleaned or the message must be removed.
Step 1 Mark the messages for cleanup by entering “Y” instead of “N” in the cleanup column of CSV file.
Step 2 Choose either to remove the message or only the problematic property in the next step by specifying CleanupAction as “ClearItem” or “ClearProperty.” Execute the script as follows to remove the message or property marked with Y in the CSV file.
EXAMPLES:
This syntax runs the script to clear the problematic property from messages:
PS C:\> .\CVE-2023-23397.ps1 -Environment Onprem -CleanupAction ClearProperty -CleanupInfoFilePath <Path to modified CSV>
This syntax runs the script to delete messages containing the malicious property
PS C:\> .\CVE-2023-23397.ps1 -Environment Onprem -CleanupAction ClearItem -CleanupInfoFilePath <Path to modified CSV>