This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 41%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello,
I have Exchange Server 2016 on-prem installation. I am trying to follow the mitigation steps provided for CVE-2022-41040/CVE-2022-41082 mentioned here: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
I have successfully executed the EOMTv2 script mentioned here: https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
My question is about removing remote PowerShell access for users. So, exchange documentation says that every user, by default, has remote PowerShell access. However, to establish a remote session, the client host must be a part of "TrustedHosts" on the Exchange server. So, if I have not added any host to the TrustedHosts on the exchange server, do I still need to disable the remote PoweShell access for the non-admin users? Is the CVE still exploitable if a user has remote PowerShell access but does not have a TrustedHost?
Thank you.
Mo.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 31%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJX%3C/text%3E%3C/svg%3E)
Hi @Mo ,
Agree with Andy. To protect you from the vulnerability, you still need to disable the remote PowerShell access for non-admin users.
You could mark the helpful reply as an answer if your issue has been resolved.
Hi, I'm here to confirm with you if your issue has been resolved. If the problem is successfully solved, you can share your solution and mark them or the helpful reply as answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
The trusted hosts list is not relevant here because the internal domain joined users are using kerberos to connect typically so you need to disable remote powershell
