CVE-2022-41040/CVE-2022-41082 | Exchange server 2016 | Should I disable remote powershell for users if I have no TrustedHosts?

Mo 1 Reputation point
2022-10-12T20:13:15.623+00:00

Hello,

I have Exchange Server 2016 on-prem installation. I am trying to follow the mitigation steps provided for CVE-2022-41040/CVE-2022-41082 mentioned here: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

I have successfully executed the EOMTv2 script mentioned here: https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/

My question is about removing remote PowerShell access for users. So, the Exchange documentation says that every user, by default, has remote PowerShell access. However, to establish a remote session, the client host must be a part of "TrustedHosts" on the Exchange server. So, if I have not added any host to the TrustedHosts on the Exchange server, do I still need to disable the remote PowerShell access for the non-admin users? Is the CVE still exploitable if a user has remote PowerShell access but does not have a TrustedHost?

Thank you.

Mo.


1 answer

  1. Andy David - MVP, 142.7K Reputation points
    2022-10-12T20:23:57.773+00:00

    The TrustedHosts list is not relevant here, because internal domain-joined users typically use Kerberos to connect, so you need to disable remote PowerShell.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-7.2


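As an added example that is not part of the question or the answer above, the following Exchange Management Shell script does what the answer recommends: it lists every mailbox user who still has remote PowerShell enabled, keeps it for direct members of the Exchange RBAC role groups and for the account running the script, and disables it for everyone else. It assumes an on-prem Exchange 2016 server, the Exchange Management Shell cmdlets Get-User, Set-User, Get-RoleGroup and Get-RoleGroupMember, and an account allowed to run Set-User; the variable names ($DryRun, $keep, $targets) are this example's own, and it stays in dry-run mode until $DryRun is set to $false.

```powershell
# Added example, not code from the original question or answer.
# Run in the Exchange Management Shell on the Exchange 2016 server with an
# account that is allowed to run Set-User. Starts as a dry run: nothing is
# changed until $DryRun is set to $false.
$DryRun = $true

# Accounts that keep remote PowerShell: direct members of every Exchange RBAC
# role group (Organization Management, Recipient Management, ...) plus the
# account running this script, so the script cannot lock its own operator out.
$keep = @{}
foreach ($rg in Get-RoleGroup) {
    foreach ($m in Get-RoleGroupMember -Identity $rg.Identity -ResultSize Unlimited) {
        $keep[$m.DistinguishedName] = $rg.Name
    }
}
$self = Get-User -Identity "$env:USERDOMAIN\$env:USERNAME"
$keep[$self.DistinguishedName] = 'account running this script'

# Scope deliberately limited to ordinary mailbox users (RecipientTypeDetails
# UserMailbox), so monitoring and arbitration mailboxes are left untouched.
$targets = Get-User -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { $_.RemotePowerShellEnabled -and -not $keep.ContainsKey($_.DistinguishedName) }

Write-Host ("{0} accounts keep remote PowerShell, {1} mailbox users to disable" -f $keep.Count, @($targets).Count)

foreach ($u in $targets) {
    if ($DryRun) {
        Write-Host ("[dry run] would disable remote PowerShell for {0}" -f $u.UserPrincipalName)
    } else {
        Set-User -Identity $u.Identity -RemotePowerShellEnabled $false
        Write-Host ("disabled remote PowerShell for {0}" -f $u.UserPrincipalName)
    }
}

# Check: after a real run, every mailbox user still listed here should carry a
# role-group name in the Reason column; 'STILL ENABLED' means it was missed.
Get-User -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { $_.RemotePowerShellEnabled } |
    Select-Object Name, UserPrincipalName, @{
        Name       = 'Reason'
        Expression = {
            if ($keep.ContainsKey($_.DistinguishedName)) { $keep[$_.DistinguishedName] } else { 'STILL ENABLED' }
        }
    } |
    Format-Table -AutoSize
```

Two caveats when using it: Get-RoleGroupMember returns direct members only, so an admin who is in a role group through a nested security group is not in $keep and would be disabled (review the dry-run output before flipping $DryRun), and RemotePowerShellEnabled is a per-user setting that defaults to enabled on newly created users, so the script needs to be re-run after new mailboxes are provisioned.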