[German]Microsoft has revised its description of CVE-2021-26414 (Windows DCOM Server Security Feature Bypass) to June 28, 2022. It has added security updates for Windows 10 version 21H2, Windows 11 and Windows Server 2022, as these Windows versions are also affected by this vulnerability. Microsoft urges users to install the updates and notes that RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers will be enabled by default as a result of the update.
Advertising
CVE-2021-26414 describes a vulnerability in Windows DCOM Server that can be used to bypass authentication. However, this vulnerability requires a user with an affected version of Windows to access a malicious server. An attacker would have to host a specially crafted server share or Web site. An attacker would have no way to force users to visit that specially crafted server share or Web site, but would have to convince them to visit the server share or Web site, usually via e-mail or chat message.
Microsoft rates the exploitability of this vulnerability as Low (Exploitation Less Likely), but has closed this vulnerability with the June 14, 2022 Windows Updates. It is relevant for administrators that the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY setting changes with the updates. Microsoft writes about this in its FAQ:
The security updates released on June 8, 2021, enable RPC_C_AUTHN_LEVEL_PKT_INTEGRITY by default on DCOM clients and provide full protection after RequireIntegrityActivationAuthenticationLevel = 1 is manually set on DCOM servers by following the steps in Managing Changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414).
Note that a reboot is required after making changes to the RequireIntegrityActivationAuthenticationLevel registry key. Microsoft recommends that you enable full protection as soon as possible to detect issues with interoperability of operating systems and applications between Windows and non-Windows operating systems and applications.
With the June 14, 2022 security updates, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY is now enabled by default on DCOM servers. Customers who need it can still disable it by using the RequireIntegrityActivationAuthenticationLevel registry key.
Microsoft notes the revision of the corresponding descriptions in an email dated June 28, 2022:
********************************************************
Title: Microsoft Security Update Revisions
Issued: June 28, 2022
********************************************************
Summary
=======
Advertising
The following CVE has undergone a revision increment.
========================================================
* CVE-2021-26414
– CVE-2021-26414 | Windows DCOM Server Security Feature Bypass
– Version: 3.0
– Reason for Revision: In the Security Updates table, added all supported editions
of Windows 10 version 21H2, Windows Windows 11, and Windows Server 2022 as they
are affected by this vulnerability. Customers running any of these versions of
Windows should install the June 14, 2022 security updates to be protected from
this vulnerability. After these updates are installed,
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers will be enabled by default.
Customers who need to do so can still disable it by using the
RequireIntegrityActivationAuthenticationLevel registry key. Microsoft strongly
recommends that customers install the updates, complete testing in your environment,
and enable these hardening changes as soon as possible.
– Originally posted: June 8, 2021
– Updated: June 28, 2022
– Aggregate CVE Severity Rating: Important
Similar articles:
Patchday: Windows 10-Updates (June 14, 2022)
Patchday: Windows 11/Server 2022 Updates (June 14, 2022)
Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (June 14, 2022)
June 2022 patch day review: Windows update issues, Intel vulnerability, documentation fails
June 2022 Patchday issues (part 2): RDP, VPN, WLAN, hotspot connection and more
Windows 10, 11, Server: Preview Updates June 23, 2022
Are the Windows VPN, RRAS, Wi-Fi hotspot issues fixed Windows with preview updates from June 23, 2022?
Edge freezing in Windows 10/11, caused by updates KB5014019/KB5014023/KB5014021 fixed per KIR
