Merge pull request #1807 from microsoft/main

Release 8-11-23
microsoft · Aug 11, 2023 · 58b95b3 · 58b95b3
2 parents 0e0aeec + 2a969e4
commit 58b95b3
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/Security/src/CVE-2023-21709/CVE-2023-21709.ps1 b/Security/src/CVE-2023-21709/CVE-2023-21709.ps1
@@ -86,17 +86,29 @@ begin {
     }
 
     try {
+        $iisAppPoolWording = "Note that each Exchange server's IIS Application Pool will be restarted after either applying the setting change or restore action."
+        $vulnerabilityMoreInformationWording = "More information about the vulnerability can be found here: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21709."
         if (-not $Rollback) {
             $params = @{
-                Message   = "Display Warning about removing TokenCacheModule"
-                Target    = "TokenCacheModule is recommended to be removed from IIS for security reasons. " +
-                "Removal of this module might have performance impact on Outlook For Web and Active-Sync" +
-                "`r`nYou can find more information on: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21709. Do you want to proceed?"
+                Message   = "Display Warning about TokenCacheModule removal operation"
+                Target    = "Removal of TokenCacheModule from IIS is recommended for security reasons. " +
+                "Removal of this module might have performance impact during first logon after cache is removed for OWA/ECP and Exchange Active Sync clients. " +
+                "$iisAppPoolWording" +
+                "`r`n$vulnerabilityMoreInformationWording" +
+                "`r`nDo you want to proceed?"
                 Operation = "Removing TokenCacheModule from IIS"
             }
-
-            Show-Disclaimer @params
+        } else {
+            $params = @{
+                Message   = "Display Warning about TokenCacheModule rollback operation"
+                Target    = "TokenCacheModule will be restored in IIS. This makes the system vulnerable to the CVE-2023-21709 vulnerability again. " +
+                "$iisAppPoolWording" +
+                "`r`n$vulnerabilityMoreInformationWording" +
+                "`r`nDo you want to proceed?"
+                Operation = "Adding TokenCacheModule back to IIS"
+            }
         }
+        Show-Disclaimer @params
 
         Write-Verbose ("Running Get-ExchangeServer to get list of all exchange servers")
         Set-ADServerSettings -ViewEntireForest $true