Under review

KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

Bob Bradley 7 months ago updated 7 months ago 2

Microsoft server hardening for DCOM and RPC is now underway, with stage 2 (June 14, 2022) of the timeline described in KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) (microsoft.com) having just passed.

At least one customer has reported that the Microsoft Security Update has adversely impacted one or more MIM agents, and has cited the above article as how they have identified the root cause. This customer is now after a patch before stage 3 has elapsed and the stated registry key override setting will no longer work.

There is now a possibility other UNIFYNow customers who have also installed the same security update(s) are going to also run into similar problems in the coming weeks, and as a result there will need to be a patch developed for all such customers.

Between now and March 14, 2023, the registry change described in the linked article above will allow business continuity for UNIFYNow customers, while advice on the availability of a patch is pending.

Thanks.


Hi Bob,

When you say "adversely impacted one or more MIM agents", what does this mean? Are there error details associated? Does it only happen under certain configuration conditions, or are all agents affected?

Is there anything that suggests it's a UNIFYNow issue as opposed to a MIM issue (for example, do other MIM management libraries such as Lithnet work)?

There's not much detail to go on at the moment. We don't generally interact with DCOM objects directly, so at face value it looks as if it might be what we're interacting with (MIM) being unavailable rather than the other way around. Any logs, configuration or troubleshooting will help; otherwise this can't really progress.
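
One way to gather the error details and configuration asked for above, as an added example that is not part of either post and is not UNIFYNow, MIM or Microsoft code. The registry value name and the DistributedCOM event IDs 10036-10038 are the ones Microsoft documents in KB5004442, not values given in this thread; the 14-day look-back and the output file name are assumptions.

```powershell
# Added diagnostic example. Run in an elevated PowerShell session on the
# server that hosts the affected agent (and on the DCOM client side if separate).

$key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$name = 'RequireIntegrityActivationAuthenticationLevel'   # value name documented in KB5004442

# 1. Report whether the registry override described in the KB is in place.
$prop  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$state = if ($null -eq $prop) {
    'not set (the installed update decides the default)'
} elseif ($prop.$name -eq 0) {
    'set to 0 (hardening disabled by override)'
} else {
    "set to $($prop.$name) (hardening enabled)"
}
Write-Output "DCOM hardening override: $state"

# 2. Collect the DCOM hardening events from the System log.
#    10036 is logged on the DCOM server side, 10037 and 10038 on the client side.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10036, 10037, 10038
    StartTime    = (Get-Date).AddDays(-14)   # assumed look-back window
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output 'No DCOM hardening events (10036-10038) in the look-back window.'
} else {
    # Per-ID summary, then full detail exported for attaching to the ticket.
    $events | Group-Object Id | Sort-Object Name |
        ForEach-Object { "Event $($_.Name): $($_.Count) occurrence(s)" }

    $out = Join-Path $env:TEMP 'dcom-hardening-events.csv'   # assumed file name
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, MachineName, Message |
        Export-Csv -Path $out -NoTypeInformation
    Write-Output "Event detail written to $out"
}
```

The message text of each exported event identifies the caller or the DCOM server involved, which helps separate a MIM-side failure from a UNIFYNow-side one.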