diff --git a/Security/src/CVE-2023-21709/CVE-2023-21709.ps1 b/Security/src/CVE-2023-21709/CVE-2023-21709.ps1 index 6592d949af..d68c738502 100644 --- a/Security/src/CVE-2023-21709/CVE-2023-21709.ps1 +++ b/Security/src/CVE-2023-21709/CVE-2023-21709.ps1 @@ -5,7 +5,7 @@ .SYNOPSIS This script removes the TokenCacheModule from IIS to protect Exchange Server against CVE-2023-21709. .DESCRIPTION - The script removes the TokenCacheModule from IIS to protect Exchange Server against CVE-2023-21709. + The script removes the TokenCacheModule from IIS to protect Exchange Server against CVE-2023-21709. It comes with a parameter that allows you to explicitly specify a subset of Exchange servers on which the TokenCacheModule should be removed or restored (ExchangeServerNames). It's also possible to exclude a subset of Exchange servers from the operation performed by the script (SkipExchangeServerNames). @@ -14,7 +14,11 @@ .PARAMETER SkipExchangeServerNames Use this parameter to explicitly exclude Exchange servers from removing or restoring the TokenCacheModule. .PARAMETER Rollback - Use this parameter rollback the CVE-2023-21709 solution and add the TokenCacheModule back to IIS. + Use this parameter rollback the CVE-2023-21709 configuration and add the TokenCacheModule back to IIS. +.PARAMETER ScriptUpdateOnly + This optional parameter allows you to only update the script without performing any other actions. +.PARAMETER SkipVersionCheck + This optional parameter allows you to skip the automatic version check and script update. .EXAMPLE PS C:\> .\CVE-2023-21709.ps1 It will remove the TokenCacheModule from all of the Exchange servers in the organization. @@ -28,67 +32,101 @@ PS C:\> .\CVE-2023-21709.ps1 -Rollback It will restore the TokenCacheModule on all Exchange servers within the organization. #> -[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')] +[CmdletBinding(DefaultParameterSetName = "Default", SupportsShouldProcess = $true, ConfirmImpact = 'High')] param( + [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, ParameterSetName = "Default")] + [Alias("Name", "Fqdn")] [string[]]$ExchangeServerNames = $null, + [Parameter(Mandatory = $false, ParameterSetName = "Default")] [string[]]$SkipExchangeServerNames = $null, - [switch]$Rollback + [Parameter(Mandatory = $false, ParameterSetName = "Default")] + [switch]$Rollback, + + [Parameter(Mandatory = $false, ParameterSetName = "ScriptUpdateOnly")] + [switch]$ScriptUpdateOnly, + + [Parameter(Mandatory = $false, ParameterSetName = "Default")] + [switch]$SkipVersionCheck ) begin { $BuildVersion = "" - . $PSScriptRoot\WriteFunctions.ps1 - . $PSScriptRoot\ConfigurationAction\Invoke-ConfigureMitigation.ps1 - . $PSScriptRoot\ConfigurationAction\Invoke-Rollback.ps1 + . $PSScriptRoot\ConfigurationAction\Invoke-TokenCacheModuleAction.ps1 . $PSScriptRoot\..\..\..\Shared\OutputOverrides\Write-Host.ps1 . $PSScriptRoot\..\..\..\Shared\OutputOverrides\Write-Progress.ps1 . $PSScriptRoot\..\..\..\Shared\OutputOverrides\Write-Verbose.ps1 - . $PSScriptRoot\..\..\..\Shared\OutputOverrides\Write-Warning.ps1 . $PSScriptRoot\..\..\..\Shared\ScriptUpdateFunctions\Test-ScriptVersion.ps1 . $PSScriptRoot\..\..\..\Shared\Confirm-Administrator.ps1 . $PSScriptRoot\..\..\..\Shared\Confirm-ExchangeShell.ps1 . $PSScriptRoot\..\..\..\Shared\LoggerFunctions.ps1 - . $PSScriptRoot\..\..\..\Shared\Out-Columns.ps1 . $PSScriptRoot\..\..\..\Shared\Show-Disclaimer.ps1 - $Script:Logger = Get-NewLoggerInstance -LogName "CVE-2023-21709-$((Get-Date).ToString("yyyyMMddhhmmss"))-Debug" ` - -AppendDateTimeToFileName $false ` - -ErrorAction SilentlyContinue + function Write-VerboseLog ($Message) { + $Script:Logger = $Script:Logger | Write-LoggerInstance $Message + } + + function Write-HostLog ($Message) { + $Script:Logger = $Script:Logger | Write-LoggerInstance $Message + } + + $loggerInstanceParams = @{ + LogName = "CVE-2023-21709-$((Get-Date).ToString("yyyyMMddhhmmss"))-Debug" + AppendDateTimeToFileName = $false + ErrorAction = "SilentlyContinue" + } + + $Script:Logger = Get-NewLoggerInstance @loggerInstanceParams SetWriteHostAction ${Function:Write-HostLog} SetWriteVerboseAction ${Function:Write-VerboseLog} - SetWriteWarningAction ${Function:Write-HostLog} SetWriteProgressAction ${Function:Write-HostLog} + + $exchangeServersToProcess = New-Object "System.Collections.Generic.List[string]" +} process { + if ($null -ne $ExchangeServerNames) { + Write-Verbose ("Adding server(s): $([string]::Join(", ", $ExchangeServerNames)) to the list of servers to be processed...") + $exchangeServersToProcess.AddRange($ExchangeServerNames) + } else { + Write-Verbose ("No server was passed via the ExchangeServerNames parameter") + } } end { - if (-not (Confirm-Administrator)) { - Write-Warning "The script needs to be executed in elevated mode. Start the shell as an Administrator." + if (-not(Confirm-Administrator)) { + Write-Host "The script needs to be executed in elevated mode. Start the PowerShell as an administrator." -ForegroundColor Yellow exit } - Write-Host ("CVE-2023-21709 script version $($BuildVersion)") -ForegroundColor Green $versionsUrl = "https://aka.ms/CVE-2023-21709-VersionsUrl" - if (Test-ScriptVersion -AutoUpdate -VersionsUrl $versionsUrl -Confirm:$false) { + Write-Host ("CVE-2023-21709 script version $($BuildVersion)") -ForegroundColor Green + + if ($ScriptUpdateOnly) { + switch (Test-ScriptVersion -AutoUpdate -VersionsUrl $versionsUrl -Confirm:$false) { + ($true) { Write-Host ("Script was successfully updated") -ForegroundColor Green } + ($false) { Write-Host ("No update of the script performed") -ForegroundColor Yellow } + default { Write-Host ("Unable to perform ScriptUpdateOnly operation") -ForegroundColor Red } + } + return + } + + if ((-not($SkipVersionCheck)) -and + (Test-ScriptVersion -AutoUpdate -VersionsUrl $versionsUrl -Confirm:$false)) { Write-Host ("Script was updated. Please re-run the command") -ForegroundColor Yellow return } $exchangeShell = Confirm-ExchangeShell if (-not($exchangeShell.ShellLoaded)) { - Write-Warning "Failed to load the Exchange Management Shell. Start the script using the Exchange Management Shell." - exit - } elseif (-not($exchangeShell.EMS)) { - Write-Warning "This script requires to be run inside of Exchange Management Shell. Please run on an Exchange Management Server or an Exchange Server with Exchange Management Shell." + Write-Host "Failed to load the Exchange Management Shell. Start the script using the Exchange Management Shell." -ForegroundColor Yellow exit } try { $iisAppPoolWording = "Note that each Exchange server's IIS Application Pool will be restarted after either applying the setting change or restore action." $vulnerabilityMoreInformationWording = "More information about the vulnerability can be found here: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21709." - if (-not $Rollback) { + if (-not($Rollback)) { $params = @{ Message = "Display Warning about TokenCacheModule removal operation" Target = "Removal of TokenCacheModule from IIS is recommended for security reasons. " + @@ -110,37 +148,45 @@ begin { } Show-Disclaimer @params - Write-Verbose ("Running Get-ExchangeServer to get list of all exchange servers") + Write-Verbose ("Running Get-ExchangeServer to get list of all Exchange servers") Set-ADServerSettings -ViewEntireForest $true - $ExchangeServers = Get-ExchangeServer | Where-Object { $_.AdminDisplayVersion -like "Version 15*" -and $_.ServerRole -ne "Edge" } - - if ($null -ne $ExchangeServerNames -and $ExchangeServerNames.Count -gt 0) { - Write-Verbose "Running only on servers: $([string]::Join(", " ,$ExchangeServerNames))" - $ExchangeServers = $ExchangeServers | Where-Object { ($_.Name -in $ExchangeServerNames) -or ($_.FQDN -in $ExchangeServerNames) } + $ExchangeServers = Get-ExchangeServer | Where-Object { + (($_.AdminDisplayVersion -like "Version 15*") -and + ($_.ServerRole -ne "Edge")) } - if ($null -ne $SkipExchangeServerNames -and $SkipExchangeServerNames.Count -gt 0) { - Write-Verbose "Skipping servers: $([string]::Join(", ", $SkipExchangeServerNames))" + if (($null -ne $exchangeServersToProcess) -and + ($exchangeServersToProcess.Count -gt 0)) { + Write-Host "Running only on Exchange servers: $([string]::Join(", " ,$exchangeServersToProcess))" + $ExchangeServers = $ExchangeServers | Where-Object { + (($_.Name -in $exchangeServersToProcess) -or + ($_.FQDN -in $exchangeServersToProcess)) + } + } + if (($null -ne $SkipExchangeServerNames) -and + ($SkipExchangeServerNames.Count -gt 0)) { + Write-Host "Skipping Exchange servers: $([string]::Join(", ", $SkipExchangeServerNames))" # Remove all the servers present in the SkipExchangeServerNames list - $ExchangeServers = $ExchangeServers | Where-Object { ($_.Name -notin $SkipExchangeServerNames) -and ($_.FQDN -notin $SkipExchangeServerNames) } + $ExchangeServers = $ExchangeServers | Where-Object { + (($_.Name -notin $SkipExchangeServerNames) -and + ($_.FQDN -notin $SkipExchangeServerNames)) + } } if ($null -eq $ExchangeServers) { - Write-Host "No exchange servers to process. Please specify server filters correctly" + Write-Host "No Exchange servers to process. Please specify server filters correctly" -ForegroundColor Red exit } - if ($Rollback) { - Invoke-Rollback -ExchangeServers $ExchangeServers - return + $tokenCacheActionParams = @{ + ExchangeServers = $ExchangeServers + Action = if (-not($Rollback)) { "Protect" } else { "Rollback" } } - Invoke-ConfigureMitigation -ExchangeServers $ExchangeServers - return + Invoke-TokenCacheModuleAction @tokenCacheActionParams } finally { Write-Host "" - Write-Host "Script Completed successfully!" - Write-Host "Do you have feedback regarding the script? Please email ExToolsFeedback@microsoft.com." + Write-Host "Do you have feedback regarding the script? Please let us know: ExToolsFeedback@microsoft.com." } } diff --git a/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-ConfigureMitigation.ps1 b/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-ConfigureMitigation.ps1 deleted file mode 100644 index b2d349b7d8..0000000000 --- a/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-ConfigureMitigation.ps1 +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. - -. $PSScriptRoot\..\..\..\..\Shared\Invoke-ScriptBlockHandler.ps1 -. $PSScriptRoot\..\..\..\..\Shared\Write-ErrorInformation.ps1 - -function Invoke-ConfigureMitigation { - [CmdletBinding()] - param( - [Parameter(Mandatory = $true)] - [string[]]$ExchangeServers - ) - - begin { - $FailedServers = New-Object 'System.Collections.Generic.List[string]' - $NoImpactServers = New-Object 'System.Collections.Generic.List[string]' - - $progressParams = @{ - Activity = "Removing TokenCachingModule" - Status = [string]::Empty - PercentComplete = 0 - } - - Write-Verbose "Calling: $($MyInvocation.MyCommand)" - - $ConfigureMitigation = { - $results = @{ - IsMitigationRequired = $true - IsSuccessful = $false - ErrorContext = $null - } - - try { - if ($null -eq (Get-WebGlobalModule -Name "TokenCacheModule")) { - $results.IsMitigationRequired = $false - return $results - } - - Clear-WebConfiguration -Filter "/system.webServer/globalModules/add[@name='TokenCacheModule']" -PSPath "IIS:\" -ErrorAction Stop - if (-not $WhatIfPreference) { - if ($null -eq (Get-WebGlobalModule -Name "TokenCacheModule")) { - $results.IsSuccessful = $true - } - } - } catch { - $results.ErrorContext = $_ - } - - return $results - } - } process { - $counter = 0 - $totalCount = $ExchangeServers.Count - - if ($WhatIfPreference) { - Write-Host ("What if: Will perform the below actions on the following servers: {0}" -f [string]::Join(", ", $ExchangeServers)) - } - - foreach ($Server in $ExchangeServers) { - $baseStatus = "Processing: $Server -" - $progressParams.PercentComplete = ($counter / $totalCount * 100) - $progressParams.Status = "$baseStatus Applying mitigation" - Write-Progress @progressParams - - $counter ++; - - if (-not $WhatIfPreference -or ($Server).Split(".")[0] -eq $env:COMPUTERNAME) { - Write-Verbose ("Calling Invoke-ScriptBlockHandler on Server {0}" -f $Server) - $resultsInvoke = Invoke-ScriptBlockHandler -ComputerName $Server -ScriptBlock $ConfigureMitigation - } - - if (-not $WhatIfPreference) { - if ($null -eq $resultsInvoke) { - Write-Warning ("Server {0} is unavailable. Skipping it!" -f $Server) - $FailedServers += $Server - continue; - } - - if (-not $resultsInvoke.IsMitigationRequired) { - Write-Verbose ("Mitigation is not required on server {0}" -f $Server) - $NoImpactServers += $Server - continue - } - - if ($resultsInvoke.IsSuccessful) { - Write-Verbose ("Successfully applied mitigation on server {0}" -f $Server) - } else { - Write-Host ("Script failed to apply mitigation on server {0}" -f $Server) -ForegroundColor Red - $FailedServers += $Server - continue - } - } - } - } end { - Write-Progress @progressParams -Completed - - if (-not $WhatIfPreference) { - if ($FailedServers.Length -gt 0) { - Write-Host ("Unable to apply mitigation of following servers: {0}" -f [string]::Join(", ", $FailedServers)) -ForegroundColor Red - } - - if ($NoImpactServers.Length -gt 0) { - Write-Host ("No mitigation required for the following servers : {0}. These servers have already been mitigated." -f [string]::Join(", ", $NoImpactServers)) - } - } - } -} diff --git a/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-Rollback.ps1 b/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-Rollback.ps1 deleted file mode 100644 index 9d1cadbaf8..0000000000 --- a/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-Rollback.ps1 +++ /dev/null @@ -1,108 +0,0 @@ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. - -. $PSScriptRoot\..\..\..\..\Shared\Invoke-ScriptBlockHandler.ps1 -. $PSScriptRoot\..\..\..\..\Shared\Write-ErrorInformation.ps1 - -function Invoke-Rollback { - [CmdletBinding()] - param( - [Parameter(Mandatory = $true)] - [string[]]$ExchangeServers - ) - - begin { - $FailedServers = New-Object 'System.Collections.Generic.List[string]' - $NoImpactServers = New-Object 'System.Collections.Generic.List[string]' - - $progressParams = @{ - Activity = "Adding TokenCachingModule" - Status = [string]::Empty - PercentComplete = 0 - } - - Write-Verbose "Calling: $($MyInvocation.MyCommand)" - - $ConfigureRollback = { - $results = @{ - IsRollbackRequired = $true - IsSuccessful = $false - ErrorContext = $null - } - - try { - if ($null -ne (Get-WebGlobalModule -Name "TokenCacheModule")) { - $results.IsRollbackRequired = $false - return $results - } - - New-WebGlobalModule -Name "TokenCacheModule" -Image "%windir%\System32\inetsrv\cachtokn.dll" -ErrorAction Stop - - if (-not $WhatIfPreference) { - if ($null -ne (Get-WebGlobalModule -Name "TokenCacheModule")) { - $results.IsSuccessful = $true - } - } - } catch { - $results.ErrorContext = $_ - } - - return $results - } - } process { - $counter = 0 - $totalCount = $ExchangeServers.Count - - if ($WhatIfPreference) { - Write-Host ("What if: Will perform the below actions on the following servers: {0}" -f [string]::Join(", ", $ExchangeServers)) - } - - foreach ($Server in $ExchangeServers) { - $baseStatus = "Processing: $Server -" - $progressParams.PercentComplete = ($counter / $totalCount * 100) - $progressParams.Status = "$baseStatus Rollback mitigation" - Write-Progress @progressParams - - $counter ++; - - if (-not $WhatIfPreference -or ($Server).Split(".")[0] -eq $env:COMPUTERNAME) { - Write-Verbose ("Calling Invoke-ScriptBlockHandler on Server {0}" -f $Server) - $resultsInvoke = Invoke-ScriptBlockHandler -ComputerName $Server -ScriptBlock $ConfigureRollback - } - - if (-not $WhatIfPreference) { - if ($null -eq $resultsInvoke) { - Write-Warning ("Server {0} is unavailable. Skipping it!" -f $Server) - $FailedServers += $Server - continue; - } - - if (-not $resultsInvoke.IsRollbackRequired) { - Write-Verbose ("Rollback is not required on server {0}" -f $Server) - $NoImpactServers += $Server - continue - } - - if ($resultsInvoke.IsSuccessful) { - Write-Verbose ("Successfully rollback mitigation on server {0}" -f $Server) - } else { - Write-Host ("Script failed to rollback mitigation on server {0}" -f $Server) -ForegroundColor Red - $FailedServers += $Server - continue - } - } - } - } end { - Write-Progress @progressParams -Completed - - if (-not $WhatIfPreference) { - if ($FailedServers.Length -gt 0) { - Write-Host ("Unable to rollback mitigation of following servers: {0}" -f [string]::Join(", ", $FailedServers)) -ForegroundColor Red - } - - if ($NoImpactServers.Length -gt 0) { - Write-Host ("No rollback required for the following servers : {0}" -f [string]::Join(", ", $NoImpactServers)) - } - } - } -} diff --git a/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-TokenCacheModuleAction.ps1 b/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-TokenCacheModuleAction.ps1 new file mode 100644 index 0000000000..e855044063 --- /dev/null +++ b/Security/src/CVE-2023-21709/ConfigurationAction/Invoke-TokenCacheModuleAction.ps1 @@ -0,0 +1,152 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +. $PSScriptRoot\..\..\..\..\Shared\Invoke-ScriptBlockHandler.ps1 +. $PSScriptRoot\..\..\..\..\Shared\Write-ErrorInformation.ps1 + +function Invoke-TokenCacheModuleAction { + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [string[]]$ExchangeServers, + + [Parameter(Mandatory = $false)] + [ValidateSet("Protect", "Rollback")] + [string]$Action = "Protect" + ) + + begin { + Write-Verbose "Calling: $($MyInvocation.MyCommand)" + $counter = 0 + $totalCount = $ExchangeServers.Count + $failedServers = New-Object 'System.Collections.Generic.List[string]' + $noImpactServers = New-Object 'System.Collections.Generic.List[string]' + + $progressParams = @{ + Activity = if ($Action -eq "Protect") { "Removing TokenCachingModule" } else { "Adding TokenCachingModule" } + Status = [string]::Empty + PercentComplete = 0 + } + + function InvokeTokenCacheModuleConfiguration { + param ( + [Parameter(Mandatory = $false)] + [ValidateSet("Protect", "Rollback")] + [string]$ConfigurationAction = "Protect" + ) + + Write-Verbose "Calling: $($MyInvocation.MyCommand)" + $results = @{ + TokenCacheModuleInstalled = $false + ActionSuccessful = $false + ErrorContext = $null + } + + try { + $results.TokenCacheModuleInstalled = ($null -ne (Get-WebGlobalModule -Name "TokenCacheModule")) + + if ($ConfigurationAction -eq "Protect") { + if ($results.TokenCacheModuleInstalled) { + Write-Verbose ("TokenCacheModule was found - trying to remove it now...") + $clearWebConfigurationParams = @{ + Filter = "/system.webServer/globalModules/add[@name='TokenCacheModule']" + PSPath = "IIS:\" + ErrorAction = "Stop" + } + [void](Clear-WebConfiguration @clearWebConfigurationParams) + + if (-not($WhatIfPreference)) { + $results.ActionSuccessful = ($null -eq (Get-WebGlobalModule -Name "TokenCacheModule")) + } + } else { + Write-Verbose ("TokenCacheModule was not found - no action to perform") + } + } else { + if ($results.TokenCacheModuleInstalled -eq $false) { + Write-Verbose ("TokenCacheModule was not found - trying to restore it now...") + $newWebGlobalModuleParams = @{ + Name = "TokenCacheModule" + Image = "%windir%\System32\inetsrv\cachtokn.dll" + ErrorAction = "Stop" + } + [void](New-WebGlobalModule @newWebGlobalModuleParams) + + if (-not($WhatIfPreference)) { + $results.ActionSuccessful = ($null -ne (Get-WebGlobalModule -Name "TokenCacheModule")) + } + } else { + Write-Verbose ("TokenCacheModule was found - no action to perform") + } + } + } catch { + Write-Verbose ("We hit an exception: $($_.Exception.Message)") + $results.ErrorContext = $_ + } + return $results + } + } process { + if ($WhatIfPreference) { + Write-Host ("What if: Performing the below actions on the following servers: {0}" -f [string]::Join(", ", $ExchangeServers)) + } + + foreach ($server in $ExchangeServers) { + Write-Host ("Now processing server: $server") + $progressParams.PercentComplete = ($counter / $totalCount * 100) + $progressParams.Status = "Processing: $server - Action: $Action" + Write-Progress @progressParams + + $counter++ + + if (-not($WhatIfPreference)) { + $configurationActionParams = @{ + ComputerName = $server + ScriptBlock = ${Function:InvokeTokenCacheModuleConfiguration} + ArgumentList = $Action + } + $resultsInvoke = Invoke-ScriptBlockHandler @configurationActionParams + } + + if (-not($WhatIfPreference)) { + if ($null -eq $resultsInvoke) { + Write-Host ("Server: $server is unavailable and will be skipped") -ForegroundColor Yellow + $failedServers.Add($server) + continue + } + + if ($Action -eq "Protect") { + if ($resultsInvoke.TokenCacheModuleInstalled -eq $false) { + Write-Host ("Action is not required on server: $server") + $noImpactServers.Add($server) + continue + } + } else { + if ($resultsInvoke.TokenCacheModuleInstalled) { + Write-Host ("Rollback is not required on server: $server") + $noImpactServers.Add($server) + continue + } + } + + if ($resultsInvoke.ActionSuccessful) { + Write-Host ("Successfully performed action '$Action' on server: $server") -ForegroundColor Green + } else { + Write-Host ("Script failed to perform action '$Action' on server: $server") -ForegroundColor Red + $failedServers.Add($server) + continue + } + } + } + } end { + Write-Progress @progressParams -Completed + + if (-not($WhatIfPreference)) { + if ($failedServers.Length -gt 0) { + Write-Host ("Unable to perform action '$Action' on the following servers: {0}" -f [string]::Join(", ", $failedServers)) -ForegroundColor Red + } + + if ($noImpactServers.Length -gt 0) { + Write-Host ("No need to perform action '$Action' on the following servers: {0} as they are in the expected state" -f [string]::Join(", ", $noImpactServers)) + } + } + } +} diff --git a/Security/src/CVE-2023-21709/WriteFunctions.ps1 b/Security/src/CVE-2023-21709/WriteFunctions.ps1 deleted file mode 100644 index f46cf6343b..0000000000 --- a/Security/src/CVE-2023-21709/WriteFunctions.ps1 +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. - -function Write-VerboseLog ($Message) { - $Script:Logger = $Script:Logger | Write-LoggerInstance $Message -} - -function Write-HostLog ($Message) { - $Script:Logger = $Script:Logger | Write-LoggerInstance $Message -} diff --git a/docs/Security/CVE-2023-21709.md b/docs/Security/CVE-2023-21709.md index 51dd8be640..f2ca964f14 100644 --- a/docs/Security/CVE-2023-21709.md +++ b/docs/Security/CVE-2023-21709.md @@ -44,3 +44,5 @@ Parameter | Description ExchangeServerNames | A list of Exchange servers that you want to run the script against. This can be used for applying or rollback the `CVE-2023-21709` configuration change. SkipExchangeServerNames | A list of Exchange servers that you don't want to execute the `TokenCacheModule` configuration action. Rollback | Switch parameter to rollback the `CVE-2023-21709` configuration change and add the `TokenCacheModule` back to IIS. +ScriptUpdateOnly | Switch parameter to only update the script without performing any other actions. +SkipVersionCheck | Switch parameter to skip the automatic version check and script update.