Tuesday, December 6, 2022
Microsoft patch KB5004442 (DCOM Hardening) addresses vulnerability CVE-2021-26414, which was disclosed on June 8, 2021. To achieve this, Microsoft is updating its DCOM cybersecurity requirements, resulting in a loss of communications for some users. Communication interruption may occur when the Default Authentication Levels are not set properly.
Previously, any default authentication level would be accepted, and as such many applications force DCOM connections to use 'None' to achieve communication quickly. After applying the Hardening patch, only default authentication levels of "Packet Integrity" and "Packet Privacy" are allowed.
Note: Changing "Authentication Level" using DCOMCNFG and even changing Windows Registry settings will not help past March 14, 2023, because these applications override system settings in their source code. Microsoft is trying to end this poor programming practice because it risks communication security without user knowledge.
The patch was released in response to a number of security concerns that had been raised about DCOM, including the potential for hackers to remotely execute malicious code on affected systems. The patch aims to address these vulnerabilities by modifying the way that DCOM handles incoming requests and by limiting the types of requests that it will accept.
Another important feature is the ability to block DCOM requests from untrusted sources. This can help to prevent malicious code from being executed on an affected system, even if a user inadvertently visits a website or opens a file that contains malicious code.
Overall, the DCOM Hardening patch is an important security update for users of Microsoft Windows operating systems. It helps to protect against potential vulnerabilities in the DCOM system, reducing the risk of remote code execution and other security threats.
This patch will affect users running Windows 8.1 and later (including Windows 10 and Windows 11), alongside users running Windows Server 2012 R2 and later (including Windows Server 2022).
This patch will not affect users running Windows 8 and earlier (including Windows XP and Windows 7), alongside users running Windows Server 2012 and earlier (including Windows Server 2003).
Using an OPC client such as OPC Expert, users can bypass DCOM requirements completely to achieve communication. There are three different configurations available that allow users to use local (COM) connections. For more information on these configurations, visit OPC Expert.
Use the Windows Registry to disable DCOM Hardening temporarily
This solution will work only until March 14, 2023.
Do not apply Microsoft patch KB5004442 or subsequent patches.
Note: Any Microsoft patch release after March 14, 2023 will retroactively include KB5004442, and as such will enable DCOM Hardening.
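Both the registry workaround and the authentication-level requirement described above can be checked without changing anything. The PowerShell below is an added example, not part of the original post: it reads the override value Microsoft documents for KB5004442 and lists the DCOM hardening events (10036, 10037, 10038) from the System log. The 7-day window and the variable names are assumptions.

```powershell
# Added example: read-only audit of DCOM hardening on the local machine.
# The registry value and event IDs are the ones Microsoft documents for KB5004442;
# the look-back window and variable names are assumptions for this example.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$valueName = 'RequireIntegrityActivationAuthenticationLevel'
$days      = 7

# 1. Registry override: 0 = hardening disabled, 1 = enabled, absent = OS default.
$item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $item) {
    $state = 'not set (OS default for the installed patch level applies)'
} elseif ($item.$valueName -eq 0) {
    $state = 'DISABLED by registry override'
} else {
    $state = 'enabled by registry'
}
Write-Output "DCOM hardening override: $state"

# 2. Hardening events in the System log.
#    10036 is logged on the DCOM server; 10037 and 10038 on the client.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10036, 10037, 10038
    StartTime    = (Get-Date).AddDays(-$days)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No DCOM hardening events in the last $days days."
} else {
    # Count per event ID, then show each distinct message once so the
    # application, CLSID or client address behind the failure is visible.
    $events | Group-Object Id | Sort-Object Name |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
        Format-Table -AutoSize | Out-String
    $events | Sort-Object Message -Unique |
        Select-Object TimeCreated, Id, Message |
        Format-List | Out-String
}
```

Run it from an elevated prompt on both the OPC server and client machines; the event messages name the application or client that is still requesting an authentication level below Packet Integrity.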