Hello All,
Many of us may be aware of the critical security update for Microsoft Outlook for
Windows that is required to address CVE-2023-23397.
To
address this CVE, we must install the Outlook security update, regardless
of where your mail is hosted (e.g., Exchange Online, Exchange Server, some
other platform).
Microsoft
released latest office updates on march 14th 2023 and the Version
2302 (Build 16130.20306)
As
per Microsoft, all supported versions of Microsoft Outlook for Windows are
affected.
There
is NO impact for other versions of Microsoft Outlook such
as Android, iOS, and Mac, as well as Outlook on
the web and other M365 services
After outlook patched. we can use a the
script https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/ created by MS to
validate the environment
During the validation process on exchange 2016 mailbox [onprem mailbox] , i have faced the below error
[PS] C:\RamkiScripts>Get-Mailbox -ResultSize Unlimited | .\CVE-2023-23397.ps1 -Environment Onprem -EWSServerURL "https://Servername.cloudmonkeys.xyz/EWS/Exchange.asmx"
cmdlet CVE-2023-23397.ps1 at command pipeline position 2
Supply values for the following parameters:
Credential
CVE-2023-23397 script version 23.03.17.2033
Trying to find Microsoft.Exchange.WebServices.dll in the script folder
Microsoft.Exchange.WebServices.dll was found in the script folder
Unable to connect to EWS endpoint. Please make sure you have enter valid credentials. Inner Exception
The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Resolution
[PS] C:\RamkiScripts>& '.\get-mailbox from CSV.ps1' | .\CVE-2023-23397.ps1 -Environment Onprem -EWSServerURL https://127.0.0.1/EWS/Exchange.asmx -IgnoreCertificateMismatch
cmdlet CVE-2023-23397.ps1 at command pipeline position 2
Supply values for the following parameters:
Credential
CVE-2023-23397 script version 23.03.17.2033
Trying to find Microsoft.Exchange.WebServices.dll in the script folder
Microsoft.Exchange.WebServices.dll was found in the script folder
Scanning 1 of 10 mailboxes (currently: Administrator@cloudmonkeys.xyz)
Scanning 2 of 10 mailboxes (currently: ramki01@cloudmonkeys.xyz)
Scanning 3 of 10 mailboxes (currently: admin@cloudmonkeys.xyz)
Scanning 4 of 10 mailboxes (currently: DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}@cloudmonkeys.xyz)
Scanning 5 of 10 mailboxes (currently: Avtar.Ellwood@cloudmonkeys.xyz)
Scanning 6 of 10 mailboxes (currently: Carol.Wilson@cloudmonkeys.xyz)
Scanning 7 of 10 mailboxes (currently: Caroline.Ball@cloudmonkeys.xyz)
Scanning 8 of 10 mailboxes (currently: David.Hans@cloudmonkeys.xyz)
Scanning 9 of 10 mailboxes (currently: Ella.Amaral@cloudmonkeys.xyz)
Scanning 10 of 10 mailboxes (currently: Emma.Gardner@cloudmonkeys.xyz)
No vulnerable item found
Comments
Post a Comment