Outlook Vulnerability -CVE-2023-23397 - errors in script CVE-2023-23397.ps1

Question

Hi All,

I have tried to run the script provided by microsoft for the CVE-2023-23397 vulnerability, CVE-2023-23397.ps1

I am trying to run the script for Exchange online and get the following error for every mailbox:

(Get-Mailbox).PrimarySMTPAddress | .\CVE-2023-23397.ps1 -Environment Online

C:\temp\CVE-2023-23397.ps1 : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.

At line:1 char:36

+ ... ailbox).PrimarySMTPAddress | .\CVE-2023-23397.ps1 -Environment Online

+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidArgument: (email@domain.com:String) [CVE-2023-23397.ps1], ParameterBindingException

    + FullyQualifiedErrorId : InputObjectNotBound,CVE-2023-23397.ps1

Then the script completes with the following:

CVE-2023-23397 script version 23.03.17.2033

Trying to find Microsoft.Exchange.WebServices.dll in the script folder

Microsoft.Exchange.WebServices.dll was found in the script folder

Prompting user for authentication, please minimize this window if you do not see an authorization prompt as it may be in the background

Waiting 60 seconds for app credentials to register..

Continuing...

No mailbox provided

Does anyone know why these errors are occuring? and how to get the script to run properly. 

Thanks and regards,

Phil

Answer 1

If you want to check the mailboxes, then all you need to do is:

Get-Mailbox  | .\CVE-2023-23397.ps1 -Environment Online

Alternatively:

https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/FAQ/