A vendor is asking me to change the PSLanguageMode from within IIS on my Exchange server(s).
What potential vulnerabilities am I opening myself up to?
I'm surprised to see this option present within IIS. What other locations can I set PSLanguageMode? (Machine.config, etc)
I would look on MsDN and support.microsoft.com for any IIS vulnerabilities first since IIS is usually the target du jour for hackers.
Then look for the PS module specifics to check if they are screwed up after a recent update or something esoteric -- I would be wary of Unicode and any of the larger character sets -- have him point you to the KB suggesting the changes and do your due diligence first.
