MC481742 – Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of November 8, 2022 (archived)

Admin impact, Major update, Stay Informed, Windows

check before: 2023-03-14

Product:

Windows

Platform:

Windows Desktop, World tenant

Status:

Change type:

Admin impact

Links:

Details:

As previously announced, security requirements have increased for Windows devices that use the Distributed Component Object Model (DCOM) or Remote Procedure Call (RPC) server technologies. Windows update releases starting June 2021 address a vulnerability in the DCOM remote protocol by progressively increasing security hardening in DCOM.

Today, DCOM clients attempting to establish connections to DCOM servers which have applied updates released June 14, 2022, or later, must either support an authentication level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and higher. DCOM client-side updates available November 8, 2022 automatically raise all non-anonymous activation requests from DCOM clients to this authentication level. Our documentation has been updated with a new summary and details of the implementation. See KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414).

When will this happen:

The below timeline explains the recent and remaining hardening events coming to DCOM.

November 8, 2022: updates released on this day automatically raised authentication level for all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY if it's below Packet Integrity. With this change, most Windows DCOM client applications will automatically work with DCOM hardening change on server side without any modification to the DCOM client applications. See KB5004442 for more details and to understand this change's interaction with third-party Windows DCOM client applications.
March 14, 2023: updates released on this day will enable hardening changes with no ability to disable them. Any compatibility issues with the hardening changes must be resolved before that date, as it will not be possible to continue using the registry key to bypass them.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2022-12-08

updated:
2022-12-08

the free basic plan is required to see all details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Get a Plan

Last updated 4 months ago

MC708249 - Reminder: Changes to Windows Boot Manager… 19. January 2024 Administration check before: 2024-04-09 Product: Office 365 general, Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: Windows updates released July 11, 2023 and later include security measures which protect against a…
MC761226 - Microsoft Copilot with Graph-grounded… 29. March 2024 Administration check before: 2024-04-12 Product: Copilot, Microsoft Search, Teams Platform: Developer, World tenant Status: Change type: Feature update, User impact Links: Details: Microsoft Copilot's "work" scope is being upgraded to GPT-4 Turbo model, resulting in faster…
386905 - Microsoft Viva: Viva Engage navigation… 6. March 2024 General Availability *For this entry exists the more relevant or more recent entry MC732105 check before: 2024-03-01 Product: Microsoft Viva, Microsoft Viva Engage, Outlook, Teams Platform: Web, World tenant Status: Launched Change type: Links: MC732105 Details: Updates…
MC711011 - Plan for Change Reminder: Windows 365… 30. January 2024 Administration check before: 2024-02-13 Product: Windows 365 Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: MC681883 Details: As previously mentioned in MC681883, Windows 365 will streamline its network requirements by eliminating various endpoints…
MC735745 - 90-Day Reminder: Windows 10, version 21H2… 14. March 2024 Administration check before: 2024-03-27 Product: Windows Platform: Education, Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: On June 11, 2024, Enterprise, Education, and IoT Enterprise editions of Windows 10, version 21H2 will reach…
MC707652 - Reminder: Stream (Classic) retires on… 17. January 2024 Administration check before: 2024-01-31 Product: eDiscovery, Microsoft 365 Apps, Microsoft Graph, Microsoft Viva Connections, Microsoft Viva Engage, OneDrive, SharePoint, Stream, Teams Platform: Developer, Multi-Geo, Web, World tenant Status: Change type: User impact, Admin impact, Retirement Links:…

You must be logged in to post a comment.

Share to MS Teams

MC481742 – Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of November 8, 2022 (archived)

check before: 2023-03-14

Related Posts:

Leave a Reply

cloudscout.one

Schierding.one GmbH

become an evergreen hero

Hey there! We've got some great news - our Basic Plus plan has everything you need to succeed, and it's completely free! So, don't hesitate - take advantage of this amazing opportunity today!

Welcome Back, We Missed You!