check before: 2023-03-14
Product:
Windows, Windows Server
Platform:
Windows Desktop, World tenant
Status:
Change type:
Admin impact
Links:

Details:
As previously announced, security requirements have increased for Windows devices that use the Distributed Component Object Model (DCOM) or Remote Procedure Call (RPC) server technologies. Windows update releases starting June 2021 address a vulnerability in the DCOM remote protocol by progressively increasing security hardening in DCOM.
Today, DCOM clients attempting to establish connections to DCOM servers which have applied updates released June 14, 2022, or later, must either support an authentication level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and higher. DCOM client-side updates available November 8, 2022 automatically raise all non-anonymous activation requests from DCOM clients to this authentication level. Our documentation has been updated with a new summary and details of the implementation. See KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414).
When will this happen:
The below timeline explains the recent and remaining hardening events coming to DCOM.
November 8, 2022: updates released on this day automatically raised authentication level for all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY if it's below Packet Integrity. With this change, most Windows DCOM client applications will automatically work with DCOM hardening change on server side without any modification to the DCOM client applications. See KB5004442 for more details and to understand this change's interaction with third-party Windows DCOM client applications.
March 14, 2023: updates released on this day will enable hardening changes with no ability to disable them. Any compatibility issues with the hardening changes must be resolved before that date, as it will not be possible to continue using the registry key to bypass them.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2022-12-08
updated:
2022-12-08
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
** AI generated content. This information is not reliable.
the free basic plan is required to see all details. Sign up here
Last updated 6 months ago