Howdy ! Exchange Brain Trust,

Working with a customer who’s fully on 365 with no Exchange servers left on-prem but the Vulnerable Schema Class exists from a previous implementation of Exchange. 

Even after uninstallation of all Exchange servers, the schema extensions made by Exchange to the Active Directory are not removed. Therefore, customer is currently vulnerable to CVE-2021-34470 and should execute this script to address this vulnerability.

If anyone have dealt with this before or can help me clarifying what implications this change can have to the normal operations and future objects provisioning (or any risk at all to the environment), that’d be really appreciated!. 

Changes: Schema Modification

If the -ApplyFix parameter is used, the script modifies the schema by clearing the possSuperiors propertyof the ms-Exch-Storage-Group entry.

Thank you!

​Howdy ! Exchange Brain Trust,Working with a customer who’s fully on 365 with no Exchange servers left on-prem but the Vulnerable Schema Class exists from a previous implementation of Exchange.  Even after uninstallation of all Exchange servers, the schema extensions made by Exchange to the Active Directory are not removed. Therefore, customer is currently vulnerable to CVE-2021-34470 and should execute this script to address this vulnerability. If anyone have dealt with this before or can help me clarifying what implications this change can have to the normal operations and future objects provisioning (or any risk at all to the environment), that’d be really appreciated!.  Changes: Schema ModificationIf the -ApplyFix parameter is used, the script modifies the schema by clearing the possSuperiors propertyof the ms-Exch-Storage-Group entry. Thank you!  Read More

​