Shulou(Shulou.com)11/24 Report--

CTOnews.com, February 17 (Xinhua) Microsoft disclosed in detail the security bypass (CVE-2021-26414) vulnerability in the distributed component object Model (DCOM) in June 2021. Microsoft issued a reminder today that it will enable DCOM enhancements by default on Win10, Win11 and Windows Server next month.

According to Microsoft's official schedule, DCOM hardening changes will be enabled by default on March 14, 2023, and users cannot disable them.

CTOnews.com with an official introduction from Microsoft:

The distributed component object Model (DCOM) is a remote protocol used to expose application objects in remote procedure calls (RPC). DCOM is mainly used for communication between software components of network devices. CVE-2021-26414 requires hardening changes to be enabled in DCOM. Therefore, client or server applications that use DCOM or RPC need to verify that they are working as expected and that hardening changes are enabled at the same time.

The first phase of the DCOM update was released on June 8, 2021. In this update, DCOM hardening is disabled by default. You can enable them by modifying the registry, as described in the "Registry Settings to enable or disable reinforcement changes" section below.

The second phase of the DCOM update was released on June 14, 2022. This changes hardening to enabled by default, but retains the ability to disable changes using registry key settings. The final phase of the DCOM update will be released in March 2023. It keeps DCOM hardening enabled and removes features that disable it.

We know that DCOM hardening changes can cause application compatibility issues in the environment. The latest security update released in November 2022 includes the following features to easily manage this migration:

New DCOM error event-to help identify applications that may have compatibility issues after enabling DCOM security hardening changes, we added a new DCOM error event to the system log. For more information about the release timeline and supported platforms, see below.

Authentication level of all non-anonymous activation requests-to help reduce application compatibility issues, we automatically increase the authentication level of all non-anonymous activation requests from Windows-based DCOM clients to at least RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. With this change, most Windows-based DCOM client requests are automatically accepted, with DCOM hardening changes enabled on the server side without any further modification to the DCOM client.

Although we recommend that you install the latest security updates, we also want to provide you with more control if the latest security updates are not installed in the environment.

Enable DCOM hardening. If you have not installed the update of June 14, 2022 or later, you can set the RequireIntegrityActivationAuthenticationLevel registry key to 1 for all DCOM servers. This will enable DCOM hardening in your environment.

Raise the authentication level. If you have not installed the update of November 8, 2022 or later, you can set the RaiseActivationAuthenticationLevel registry key to 2 for all Windows-based DCOM clients. This increases the authentication level to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY for all non-anonymous activation requests from Windows-based DCOM clients.

It is recommended that you complete the testing in the environment and enable these enhancement changes as soon as possible. If a problem is found during testing, you must contact the affected client or server software vendor for updates or workarounds before releasing the March 2023 update.

Note it is strongly recommended that you install the latest security updates available. They provide advanced protection against the latest security threats, as well as the features we have added to support migration. For more information and context on how to strengthen DCOM, see DCOM Authentication Enhancement: what you need to know.

Updated version

Behavior change

June 8, 2021

Hardening changes are disabled by default, but they can be enabled using registry keys.

June 14, 2022

Hardening changes enabled by default, but can be disabled using the registry key.

November 8, 2022

In response to your feedback, the November 8, 2022 update includes patches for clients (devices, applications, or services) acting as DCOM clients. This patch automatically increases the authentication level of all non-anonymous activation requests to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. This patch removes dependencies if you use a third-party Windows DCOM client application and rely on a software provider to increase the activation authentication level to support DCOM hardening changes. This allows you to automatically increase the active authentication level at the Windows OS level. This prevents DCOM servers that enable DCOM hardening changes from rejecting activation requests.

March 14, 2023

Hardening changes enabled by default, but cannot be disabled. At this point, any compatibility issues with hardening changes and applications in the environment must be resolved.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.