DCOM Hardening in KB5004442 - Nov 8th 2022 patch clarity

Sathish Ramakrishna 21 Reputation points


There has been a recent update to below link (updated on 19th Oct 2022) -
Which states that clients will be automatically upgraded to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (the required auth level) by turning on a new registry key.

Need clarity -

  1. If this a temporary thing or having this new registry key (RaiseActivationAuthenticationLevel) set to 2 will not require any code changes to the client to continue to work?
  2. Are there any server side DCOM code changes required? (My understanding we need not do any DCOM code changes on the server, only setting application to allow PKT_INTEGRITY in DCOM cnfg will get things working, please confirm)
  3. What does non-anonymous activation mean? We are activating DCOM via windows services with system log on, does this get considered as anonymous activation?

Kind of new to the DCOM world. Really appreciate any clarity on these points.

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,332 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,425 questions
0 comments No comments
{count} votes

Accepted answer
  1. Limitless Technology 26,416 Reputation points

    Hello there,

    No code changes are required on the client side and server side but this key will not be generated automatically.

    June 2021 - Hardening feature available, but disabled by default.
    June 2022 - Hardening feature enabled by default but can be disabled.
    March 2023 - Hardening feature enabled, CANNOT be disabled.

    This registry value does not exist by default; you must create it. Windows will read it if it exists and will not overwrite it. You must restart your device after setting this registry key for it to take effect.


    --If the reply is helpful, please Upvote and Accept it as an answer–

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful