Back in June 2021, Microsoft revealed details about the CVE-2021-26414 vulnerability that could exploit the Distributed Component Object Model (DCOM) remote protocol. For those unaware, DCOM leverages remote procedure calls (RPCs) to expose application components to facilitate communication between networked devices. Since the disclosure of this vulnerability, Microsoft has been making changes to DCOM in order to harden it, and the company has now issued a reminder that these configuration modifications will become mandatory in less than a month.
In the first phase of DCOM hardening during June 2021, it was disabled by default and you had to enable it using Windows Registry keys. Then in June 2022, Microsoft rolled out updates to enable it by default with the option to disable it. In November 2022, it had to issue some updates to cater to customer feedback. Now, after the course of almost two years, DCOM hardening changes will become enabled by default from March 14, 2023 (Patch Tuesday), and there will be no option to disable them.
Knowing about this mandatory change and catering to it is important, especially for enterprise customers. The modification can cause interoperability issues between networked devices, so if you were disabling it up until now to bypass issues, now might be the time to work towards a more permanent solution.
If you haven't installed the hardening updates from 2022, now is the time to do so to test your Windows and Windows Server environments. Alternatively, if for some reason, you'd rather not install Patch Tuesday updates from last year, you can still make the DCOM changes by doing the following:
- Enable DCOM Hardening: Set the RequireIntegrityActivationAuthenticationLevel registry key to 1 for all DCOM servers
- Raise Authentication Level: Set the RaiseActivationAuthenticationLevel registry key to 2 for all Windows-based DCOM clients
If you run into any issues, Microsoft has recommended reaching out to the associated client or server software vendor as soon as possible.