Not able to reproduce Client DCOM error 10038 after the update 8 Nov 2022

Alex La 0 Reputation points
2023-01-16T16:46:28.8266667+00:00

Hi,

Regarding the DCOM hardening (CVE-2021-26414) described in this article:

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

After the November 8, 2022 update, there are no errors in the Event Viewer log at all, even when testing with any changes disabled. Prior to that update I got the 10038 client error described in the article. I did the code changes (hardening) and the errors disappeared. Now it is no longer possible to reproduce the 10038 errors in the Event Viewer. How do I reproduce the error?

I am running Windows 10 Business, 21H2, OS build 19044.2364.

Best Regards,
Alex La


3 answers

  1. Dave Patrick 426.1K Reputation points MVP
    2023-01-16T16:52:39.6566667+00:00

    Looks like you can set the value of RaiseActivationAuthenticationLevel to 1 (one) to disable the effects of the 11/8/2022 patching.

    DCOM client-side patch on November 8, 2022

    This update will automatically raise authentication level for all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY at a minimum. With this change, most Windows DCOM clients will automatically work with DCOM hardening changes on the server side without any further modification to the DCOM client. This update will be activated by default but can be deactivated by setting its registry key to 1. This patch is disabled by default for Windows 10, versions 1809 and 1607 and Windows Server 2016. To enable it, set the registry key value for RaiseActivationAuthenticationLevel to 2.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Alex La 0 Reputation points
    2023-01-17T10:02:45.9033333+00:00

    Thanks for the answer. I've tested setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
    RaiseActivationAuthenticationLevel=1

    Still not able to reproduce the 10038 log in the Event Viewer. Also rebooted after the change but it had no effect. I tested with an anonymous DCOM client.


  3. Dave Patrick 426.1K Reputation points MVP
    2023-01-17T15:39:28.5233333+00:00

    You can open a paid case here with support.

    https://support.serviceshub.microsoft.com/supportforbusiness

    Confirmed bugs always result in no charges to the customer.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

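One way to check the two things discussed in this thread on a test machine: the current state of RaiseActivationAuthenticationLevel and whether any 10038 events were logged recently. This is an added example, not part of any post above. The registry path, value name and the meaning of 1 and 2 come from the posts; the event provider name, the System log location and the 30-day window are assumptions.

```powershell
# Added example (not from the thread). Key path, value name and the meaning
# of 1 and 2 are taken from the posts above.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$valueName = 'RaiseActivationAuthenticationLevel'

# Read the value; a missing key or value means the OS default applies, which
# per the quoted text differs for Windows 10 1809/1607 and Windows Server 2016.
$item  = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
$state = if ($null -eq $item) {
    'not set (OS default applies)'
} else {
    switch ([int]$item.$valueName) {
        1       { 'client-side authentication level raise deactivated' }
        2       { 'client-side authentication level raise enabled' }
        default { "unrecognized value $($item.$valueName)" }
    }
}
Write-Output "$valueName : $state"

# Assumption: DCOM hardening events are written to the System log by the
# Microsoft-Windows-DistributedCOM provider. The look-back window is arbitrary.
$lookbackDays = 30
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10038
    StartTime    = (Get-Date).AddDays(-$lookbackDays)
}

# Get-WinEvent raises a non-terminating error when nothing matches, so
# suppress it and treat an empty result as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No event 10038 in the last $lookbackDays days."
} else {
    Write-Output "$($events.Count) event(s) 10038 in the last $lookbackDays days:"
    $events |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, Message |
        Format-List
}
```

Running it before and after changing the registry value (and rebooting) records the setting alongside the event count for each test run.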