From 4dd664efc7deafff9e447a29c2d50ba6c6eb3132 Mon Sep 17 00:00:00 2001 From: Bill Long Date: Tue, 3 Aug 2021 11:18:47 -0500 Subject: [PATCH 1/2] Fix docs typo --- docs/Security/Test-CVE-2021-34470.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Security/Test-CVE-2021-34470.md b/docs/Security/Test-CVE-2021-34470.md index bb54cecf51..52e0fa2839 100644 --- a/docs/Security/Test-CVE-2021-34470.md +++ b/docs/Security/Test-CVE-2021-34470.md @@ -5,4 +5,4 @@ parent: Security ## Test-CVE-2021-34470.ps1 -Download the latest release: [Test-Test-CVE-2021-34470.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Test-CVE-2021-34470.ps1) +Download the latest release: [Test-CVE-2021-34470.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Test-CVE-2021-34470.ps1) From f50730c7d473b98c832afdc8685b5bc9d0b9993e Mon Sep 17 00:00:00 2001 From: Bill Long Date: Tue, 3 Aug 2021 11:31:15 -0500 Subject: [PATCH 2/2] Add help and docs --- Security/src/Test-CVE-2021-34470.ps1 | 18 ++++++++++++++++++ docs/Security/Test-CVE-2021-34470.md | 17 +++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/Security/src/Test-CVE-2021-34470.ps1 b/Security/src/Test-CVE-2021-34470.ps1 index bfef1c42a4..e14f1addaf 100644 --- a/Security/src/Test-CVE-2021-34470.ps1 +++ b/Security/src/Test-CVE-2021-34470.ps1 @@ -1,6 +1,24 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. +<# +.SYNOPSIS + Test for and addresses CVE-2021-34470. +.DESCRIPTION + Environments running supported versions of Exchange Server should address + CVE-2021-34470 by applying the CU and/or SU for the respective versions of + Exchange, as described in + https://techcommunity.microsoft.com/t5/exchange-team-blog/released-july-2021-exchange-server-security-updates/ba-p/2523421. + + Environments running Exchange 2010, or environments where all Exchange + servers have been removed, can use this script to address the vulnerability. +.EXAMPLE + PS> .\Test-CVE-2021-34470.ps1 + Reports whether the vulnerability is present. +.EXAMPLE + PS> .\Test-CVE-2021-34470.ps1 -ApplyFix + Fixes the vulnerability if found. Note that this syntax requires Schema Admin. +#> [CmdletBinding()] param ( [Parameter()] diff --git a/docs/Security/Test-CVE-2021-34470.md b/docs/Security/Test-CVE-2021-34470.md index 52e0fa2839..8938c58f7d 100644 --- a/docs/Security/Test-CVE-2021-34470.md +++ b/docs/Security/Test-CVE-2021-34470.md @@ -6,3 +6,20 @@ parent: Security ## Test-CVE-2021-34470.ps1 Download the latest release: [Test-CVE-2021-34470.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Test-CVE-2021-34470.ps1) + +Environments running supported versions of Exchange Server should address CVE-2021-34470 by applying the CU and/or SU for the respective versions +of Exchange, as described in [Released: July 2021 Exchange Server Security Updates](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-july-2021-exchange-server-security-updates/ba-p/2523421). + +Environments running Exchange 2010, or environments where all Exchange servers have been removed, can use this script to address the vulnerability. + +### Examples + +Check for the vulnerability: + +`.\Test-CVE-2021-34470.ps1` + +Fix the vulnerability if found: + +`.\Test-CVE-2021-34470.ps1 -ApplyFix` + +Note that the user must be a Schema Admin to use the -ApplyFix switch.