SOLVED

Security Vulnerability for exchange server 2016 - Healthcheck.ps1

Hello All 

 

Currently my Exchange Server 2016 is running on CU 23 with the Jan 2023 SU. Whenever I run the .\healthchecker.PS1 script, it shows the below:

 

Security Vulnerability
----------------------
IIS module anomalies detected: False
Security Vulnerability: Download Domains are not configured. You should configure them to be protected against CVE-2021-1730.
Configuration instructions: https://aka.ms/HC-DownloadDomains

 

THIS CAN BE IGNORED, since I don't have an external certificate with the SAN name download.domain.xyz

=====


Security Vulnerability: CVE-2022-24516, CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-30134
Extended Protection isn't configured as expected

 

CVE-2022-24516, CVE-2022-21979 - I have installed it, however it keeps coming up in the script report.

Since I am running with the latest CU, will this be ignored? Please suggest.

2 Replies
best response confirmed by ramki1465 (Contributor)
Solution
You need to enable Extended Protection: https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/

Check the link above for exceptions. Once you enable EP, download the latest Health checker script and run it. You should not see that message again.
Thanks @Dhruva. Let me update