DCOM Hardening in KB5004442 - Nov 8th 2022 patch clarity

Sathish Ramakrishna 21 Reputation points
2022-11-03T05:52:22.287+00:00

Hello,

There has been a recent update to the link below (updated on 19th Oct 2022):
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c
It states that clients will be automatically upgraded to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (the required auth level) by turning on a new registry key.

I need clarity on the following:

  1. Is this a temporary thing, or will having this new registry key (RaiseActivationAuthenticationLevel) set to 2 not require any code changes to the client for it to continue to work?
  2. Are there any server-side DCOM code changes required? (My understanding is that we need not make any DCOM code changes on the server; only setting the application to allow PKT_INTEGRITY in DCOM cnfg will get things working. Please confirm.)
  3. What does non-anonymous activation mean? We are activating DCOM via Windows services with system logon; is this considered anonymous activation?

Kind of new to the DCOM world. Really appreciate any clarity on these points.

Windows 10 Security
Windows Server Security

Accepted answer
  1. Limitless Technology 43,951 Reputation points
    2022-11-08T09:26:01.453+00:00

    Hello there,

    No code changes are required on the client side and server side, but this key will not be generated automatically.

    June 2021 - Hardening feature available, but disabled by default.
    June 2022 - Hardening feature enabled by default but can be disabled.
    March 2023 - Hardening feature enabled, CANNOT be disabled.

    This registry value does not exist by default; you must create it. Windows will read it if it exists and will not overwrite it. You must restart your device after setting this registry key for it to take effect.

    ------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    1 person found this answer helpful.
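
The check the answer describes (the value is absent until someone creates it, Windows does not overwrite it, and a restart is needed afterwards), as an added PowerShell example that is not part of the original thread and not Microsoft's code. The registry key path is not given on this page, so `-KeyPath` is a placeholder to fill in from KB5004442; the function name, the DWORD type, and pairing the answer with the value named in the question (`RaiseActivationAuthenticationLevel` = 2) are assumptions.

```powershell
# Added example: audit, and optionally create, a DCOM hardening registry value.
# Assumptions: function name is hypothetical; the value is a DWORD; the key path
# must be taken from KB5004442 (it is not stated on this page).
function Test-DcomHardeningValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Placeholder: 'HKLM:\<key path from KB5004442>'
        [Parameter(Mandatory)] [string] $KeyPath,
        [string] $ValueName = 'RaiseActivationAuthenticationLevel',
        [int]    $Desired   = 2,
        [switch] $Create
    )

    # Distinguish "value absent" from "value present", since it does not exist by default.
    $current = $null
    if (Test-Path -LiteralPath $KeyPath) {
        $prop = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $current = $prop.$ValueName }
    }

    if ($null -eq $current) { $state = 'Absent' } elseif ($current -eq $Desired) { $state = 'Match' } else { $state = 'Mismatch' }
    $restartNeeded = $false

    # Only create a missing value; an existing value is reported, never overwritten.
    if ($Create -and $state -eq 'Absent' -and
        $PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Create DWORD = $Desired")) {
        if (-not (Test-Path -LiteralPath $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
            -PropertyType DWord -Value $Desired | Out-Null
        $current       = $Desired
        $state         = 'Created'
        $restartNeeded = $true   # the setting takes effect only after a restart
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        ValueName     = $ValueName
        Data          = $current
        State         = $state
        RestartNeeded = $restartNeeded
    }
}

# Dry run from an elevated prompt (nothing is written with -WhatIf):
# Test-DcomHardeningValue -KeyPath 'HKLM:\<key path from KB5004442>' -Create -WhatIf
```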
