question

shivrajkr-7549 avatar image
0 Votes"
shivrajkr-7549 asked DSPatrick commented

KB5004442 - Windows DCOM Server Security Feature Bypass (CVE-2021-26414) having issue

After enabling the registry followed by the below doc. we are facing issues as access denied even after using RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on WMI.

Windows Server 2019 Version 1809 (OS build 17763.2268). windows updated KB5006744

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

windows-active-directorywindows-server-2019windows-server-update-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered shivrajkr-7549 commented

What value did you set?
Value Data: default = not defined or 0x00000000 means disabled. 0x00000001 = enabled.

Looks like you'll want 0 to disable it.

--please don't forget to upvote and Accept as answer if the reply is helpful--





· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0x00000001 = enabled.

0 Votes 0 ·

Looks like you'll want 0 to disable or bypass it.

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·

Patrick,

sorry that my question was not clear.

I want to set 1 (enable) and WMI has to work. but it is showing as Access denied even after using Auth level as Packet integrity.


142562-2.png

Thanks for your reply.


0 Votes 0 ·
2.png (27.0 KiB)
DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick commented

Sounds like the calling process doesn't have the correct Authentication-Level
https://docs.microsoft.com/en-us/windows/win32/wmisdk/securing-a-remote-wmi-connection
https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants

--please don't forget to upvote and Accept as answer if the reply is helpful--


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·