We've recently had a number of our staff ask about the recent OWA hack. To appease their fears, I went through and checked my OWA boxes to make sure that the OWAAuth.DLL hadn't been replaced or re-registered using a hacked version.
Second step, it checks the registry on these same servers and looks to see what's registered. I visually checked to see if the path in the registry matches the install path. (Those registry values I found by searching one of my OWA box registries for the filename.)
My server running Exchange 2010 SP3 RU10 returned:
Name : OWAAuth.dll
Length : 104632
Version : 14.03.0248.002
LastWriteTime : 5/27/2015 1:47:42 PM
PSComputerName : OWASERVER1
C:\Program Files\Exchange\ClientAccess\Owa\auth\OWAAuth.dll
$servers = @("OWAServer1","OWAServer2") # get-ExchangeServer $sbFileVersion = { $FilePath = "C:\Program Files\Exchange\ClientAccess\Owa\auth\OWAAuth.dll" Get-ChildItem $FilePath | Select-Object Name,length,@{Name="Version";Expression={$_.versionInfo.FileVersion}},LastWriteTime } Invoke-Command -ScriptBlock $sbFileVersion -ComputerName $servers # | group fileversion $SBRegistry = { #Return installed folder path for OWAAuth.DLL $RegKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66A06D0DD155D354CB4C311E0ED2EE9D" $RegValue="AE1D439464EB1B8488741FFA028E291C" (Get-ItemProperty $regkey).$regvalue } Invoke-Command -ScriptBlock $SBRegistry -ComputerName $serversThis does two things. First off, it checks the install path of the OWAAuth.DLL and returns the version and size of the file. I skimmed these to look for differences in the installed files.
Second step, it checks the registry on these same servers and looks to see what's registered. I visually checked to see if the path in the registry matches the install path. (Those registry values I found by searching one of my OWA box registries for the filename.)
My server running Exchange 2010 SP3 RU10 returned:
Name : OWAAuth.dll
Length : 104632
Version : 14.03.0248.002
LastWriteTime : 5/27/2015 1:47:42 PM
PSComputerName : OWASERVER1
C:\Program Files\Exchange\ClientAccess\Owa\auth\OWAAuth.dll
No comments:
Post a Comment