CVE-2022-41040/CVE-2022-41082 | Exchange server 2016 | Should I disable remote powershell for users if I have no TrustedHosts?

Mo 1 Reputation point


I have Exchange Server 2016 on-prem installation. I am trying to follow the mitigation steps provided for CVE-2022-41040/CVE-2022-41082 mentioned here:

I have successfully executed the EOMTv2 script mentioned here:

My question is about removing remote PowerShell access for users. So, Exchange documentation says that every user, by default, has remote PowerShell access. However, to establish a remote session, the client host must be a part of "TrustedHosts" on the Exchange server. So, if I have not added any host to the TrustedHosts on the Exchange server, do I still need to disable the remote PowerShell access for the non-admin users? Is the CVE still exploitable if a user has remote PowerShell access but does not have a TrustedHost?

Thank you.



1 answer

  1. Andy David - MVP 142.7K Reputation points MVP

    The trusted hosts list is not relevant here, because internal domain-joined users typically connect using Kerberos, so you need to disable remote PowerShell.


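The answer's point, for context: WinRM's TrustedHosts is a setting on the connecting client, consulted only when the client cannot authenticate the server through Kerberos, so an empty list on the Exchange server does nothing to stop a domain account from opening a remote PowerShell session to it. The following script is an added example, not code from the question or the answer, that disables remote PowerShell for every user who is not a member of an Exchange admin role group, which is the per-user mitigation the answer recommends. It assumes it is run in the Exchange Management Shell on the Exchange 2016 server, and the list of admin role groups is an assumption to adjust for your organization (a role group can also contain nested groups, which this script does not expand). The `-WhatIf` switch is left on so the first run only reports what it would change.

```powershell
# Added example (not from the original post): disable remote PowerShell for
# non-admin users on Exchange 2016. Run from the Exchange Management Shell.
# ASSUMPTION: these are the role groups whose members must keep remote access;
# adjust the list to match your organization.
$adminRoleGroups = @(
    'Organization Management',
    'Recipient Management',
    'Server Management',
    'Discovery Management',
    'Compliance Management',
    'Records Management',
    'Hygiene Management',
    'Help Desk'
)

# Build a lookup of admin role-group members so they are exempted.
# Get-RoleGroupMember returns direct members only; nested groups are not expanded.
$adminMembers = @{}
foreach ($group in $adminRoleGroups) {
    Get-RoleGroupMember -Identity $group -ErrorAction SilentlyContinue | ForEach-Object {
        $adminMembers[$_.DistinguishedName] = $true
    }
}

# Every user object that still has remote PowerShell enabled.
$enabledUsers = Get-User -ResultSize Unlimited -Filter { RemotePowerShellEnabled -eq $true }

foreach ($user in $enabledUsers) {
    if ($adminMembers.ContainsKey($user.DistinguishedName)) {
        Write-Host "Keeping remote PowerShell enabled for admin: $($user.UserPrincipalName)"
        continue
    }
    # Remove -WhatIf once the reported set of users looks right.
    Set-User -Identity $user.Identity -RemotePowerShellEnabled $false -WhatIf
}

# Verification: after the real run, only the exempted admins should be listed.
Get-User -ResultSize Unlimited -Filter { RemotePowerShellEnabled -eq $true } |
    Select-Object Name, UserPrincipalName |
    Format-Table -AutoSize
```

Run it once with `-WhatIf` in place, review the users it would change, then remove the switch and run it again; the closing `Get-User` call is the check that the only remaining remote PowerShell users are the ones you intended to keep. Disabling the per-user flag is a mitigation for the user-level exposure the answer describes, not a replacement for installing the security update for CVE-2022-41040/CVE-2022-41082.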