DCOM authentication level (KB5004442) and local accounts?

Persson, Magnus (SE-TLX) 1 Reputation point
2021-11-11T11:09:59.443+00:00

The KB 5004442 mentions a vulnerability that will be mitigated by forcing an authentication level of 5 (packet integrity) in a Windows Update that will be rolled out in 2022 Q2.

This change will of course lower the performance due to the added security layers on the communication but seems to work fine when I change my components to use the increased authentication level in a set-up with a domain user account.

However, if I try the same set-up with local accounts (for scenarios where a domain controller is not available) I get access denied.
I assume this is because local accounts cannot be trusted.
Is there a workaround to keep using local accounts once the patch mentioned in the above KB is rolled out?


1 answer

  1. Limitless Technology 39,351 Reputation points
    2021-11-11T20:20:24.027+00:00

    Hello @Persson, Magnus (SE-TLX)

    This may be achieved by enabling NTLMv2 for the local accounts, changing the following registry value:

    - In: HKEY_LOCAL_MACHINE, then SYSTEM, CurrentControlSet, Control, and finally LSA.
    - In the right pane, double-click the LMCompatibilityLevel value.
    - In the "Data" field of the DWORD Editor window, enter 5. Click OK.
    - In the Registry menu, select Exit.
    - Restart your system for the registry changes to take effect.

    I can also recommend the following thread, where there is a currently open discussion about this change (since phase 1) and the different effects and workarounds found by the community: https://learn.microsoft.com/en-us/answers/questions/564347/server-2019-update-kb5005568-sept-2021-forcing-new.html?page=2&pageSize=10&sort=oldest

    Besides that, here is more information about the exploit: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

    Hope this helps with your query,

    ------
    --If the reply is helpful, please Upvote and Accept as answer--
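
The registry steps from the answer above, scripted as an added example (not code from the thread or from Microsoft): it reports the current LMCompatibilityLevel, previews the change with `-WhatIf`, and writes the value only when it differs. The function names are illustrative assumptions; the key, value name and data 5 are the ones given in the answer.

```powershell
# Added example, not part of the original thread. Run in an elevated PowerShell session.
# Function names are illustrative; key, value name and data 5 come from the answer above.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LMCompatibilityLevel'

# Documented meanings of the LAN Manager authentication level (0-5).
$LevelMeaning = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM, use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    # Returns the configured DWORD, or $null when the value is absent (OS default applies).
    $prop = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$ValueName
}

function Set-LmCompatibilityLevel {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateRange(0, 5)][int]$Level = 5)

    $current = Get-LmCompatibilityLevel
    if ($current -eq $Level) {
        Write-Output "$ValueName is already $Level ($($LevelMeaning[$Level])); nothing to change."
        return
    }
    $shown = if ($null -eq $current) { 'not set' } else { "$current ($($LevelMeaning[$current]))" }
    # ShouldProcess honours -WhatIf and -Confirm, so the write can be previewed first.
    if ($PSCmdlet.ShouldProcess("$LsaKey\$ValueName", "Change from $shown to $Level")) {
        New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord -Value $Level -Force | Out-Null
        Write-Output "$ValueName set to $Level ($($LevelMeaning[$Level])). Restart for the change to take effect."
    }
}

# Report the current value, then preview the change; drop -WhatIf to apply it.
Get-LmCompatibilityLevel
Set-LmCompatibilityLevel -Level 5 -WhatIf
```

At level 5 the machine also refuses LM and NTLM (v1) responses, so check for legacy clients that still depend on them before applying the value.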