[MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol
|
This topic lists Errata found in [MS-DCOM] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications. Errata are subject to the same terms as the Open Specifications documentation referenced. |
|---|
To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:
July 18, 2016 - Download
June 24, 2021 - Download
Errata below are for Protocol Document Version 23.0 - 2021/06/25.
|
Errata Published* |
Description |
|---|---|
|
2022/12/13 |
Section 3.2.4.1.1.2Issuing the Activation Request Description: Updated instances of 'RPC_C_AUTHN_LEVEL_PKT_INTEGRITY' authentication level constant value in product behavior note 81 to use RPC_C_AUTHN_LEVEL_CONNECT authentication level for specified operating systems.
Changed from:
<pbn81>: On Windows NT, Windows 2000, Windows XP, Windows XP SP1, and Windows Server 2003, DCOM clients specify RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call.
Changed to:
<pbn81>: On Windows NT, Windows 2000, Windows XP, Windows XP SP1, and Windows Server 2003, DCOM clients specify RPC_C_AUTHN_LEVEL_CONNECT ([MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call.
Changed from:
<pbn81>: On Windows XP SP2, Windows Server 2003 with SP1, Windows Vista and later, and Windows Server 2008 and later, DCOM clients specify the higher of the LegacyAuthenticationLevel value (for more information, [MSDN-LegAuthLevel]) and RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call.
Changed to:
<pbn81>: On Windows XP SP2 and Windows Server 2003 with SP1, DCOM clients specify the higher of the LegacyAuthenticationLevel value ([MSDN-LegAuthLevel]) or RPC_C_AUTHN_LEVEL_CONNECT ([MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call.
On Windows Vista and later and Windows Server 2008 and later, DCOM clients specify the higher of the LegacyAuthenticationLevel value ([MSDN-LegAuthLevel]) or RPC_C_AUTHN_LEVEL_PKT_INTEGRITY ([MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call. |
|
2022/11/07 |
Section 3.2.4.1.1.2 Issuing the Activation Request
Description: Updated to indicate that on Windows, the client can raise the authentication level requested by the application to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, if it is less than that. Specified that the Windows 11 v22H2 operating system supports this behavior.
Changed from:
The client MUST specify the authentication level requested by the application, if one was supplied; otherwise, it MUST specify a default authentication level that is obtained in an implementation-specific manner.
Changed to:
The client MUST specify the authentication level at least as high as what is requested by the application; that is, if one is requested. However, note that the client MAY raise the authentication level<pbn-80>. Otherwise, the client MUST specify a default authentication level that is obtained in an implementation-specific manner<pbn-81>.
Updated product behavior note 80:
Changed from:
On Windows NT, Windows 2000, Windows XP, Windows XP SP1, and Windows Server 2003, DCOM clients specify RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call. On Windows XP SP2, Windows Server 2003 with SP1, Windows Vista and later, and Windows Server 2008 and later, DCOM clients specify the higher of the LegacyAuthenticationLevel value (for more information, see [MSDN-LegAuthLevel]) and RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call. The default activation authentication level is raised to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level on client side and the required activation authentication level needs to be at least at RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level for authenticated activation on the server side, as applicable to the Windows 7 operating system with Service Pack 1 (SP1), Windows Server 2008 R2 Service Pack 1 (SP1), Windows 8.1, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows 10, Windows Server 2022, Windows Server v1803 operating system, Windows Server v1809 operating system, Windows 10 v1607 operating system, Windows Server v1903 operating system, Windows Server 2019 Datacenter: Azure Edition (Turbine), Windows Server v1909 operating system, Windows Server v2004 operating system, Windows 10 v1803 operating system, Windows Server v20H2 Core operating system, Windows 10 v1809 operating system, Windows Server 2022 core, Windows 10 v1903 operating system, Windows 10 v1909 operating system, Windows 10 v2004 operating system, Windows 10 v20H2 operating system, Windows 10 v21H1 operating system, and Windows 11, to which this change has been backported.
Changed to:
<pbn-80> On Windows, the authentication level requested by the application is raised to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY ([MS-RPCE] section 2.2.1.1.8), if it is less than that. This behavior is supported in the specified operating systems that follow, each with its related KB article download installed: Windows 11 (Sun Valley) Desktop, Windows 11 (Sun Valley) Desktop Refresh, Windows 11 Desktop v22H2, Windows Server 2022 - Full/Core, Windows 10 Desktop v22H2, Windows 10 Desktop v21H2, Windows 10 Desktop v21H1, and Windows 10 Desktop v20H2. |
|
2022/10/24 |
Section 3.2.4.1.1.2 Issuing the Activation Request Description: Updated to indicate that on Windows, the client can raise the authentication level requested by the application to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, if it is less than that. Also specified the operating systems that support this behavior. Changed from: The client MUST specify the authentication level requested by the application, if one was supplied; otherwise, it MUST specify a default authentication level that is obtained in an implementation-specific manner.
Changed to: The client MUST specify the authentication level at least as high as what is requested by the application; that is, if one is requested. However, note that the client MAY raise the authentication level<pbn-80>. Otherwise, the client MUST specify a default authentication level that is obtained in an implementation-specific manner<pbn-81>.
<pbn-80>Updated; see below.
Updated product behavior note 80:
Changed from:
On Windows NT, Windows 2000, Windows XP, Windows XP SP1, and Windows Server 2003, DCOM clients specify RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call. On Windows XP SP2, Windows Server 2003 with SP1, Windows Vista and later, and Windows Server 2008 and later, DCOM clients specify the higher of the LegacyAuthenticationLevel value (for more information, see [MSDN-LegAuthLevel]) and RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call. The default activation authentication level is raised to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level on client side and the required activation authentication level needs to be at least at RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level for authenticated activation on the server side, as applicable to the Windows 7 operating system with Service Pack 1 (SP1), Windows Server 2008 R2 Service Pack 1 (SP1), Windows 8.1, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows 10, Windows Server 2022, Windows Server v1803 operating system, Windows Server v1809 operating system, Windows 10 v1607 operating system, Windows Server v1903 operating system, Windows Server 2019 Datacenter: Azure Edition (Turbine), Windows Server v1909 operating system, Windows Server v2004 operating system, Windows 10 v1803 operating system, Windows Server v20H2 Core operating system, Windows 10 v1809 operating system, Windows Server 2022 core, Windows 10 v1903 operating system, Windows 10 v1909 operating system, Windows 10 v2004 operating system, Windows 10 v20H2 operating system, Windows 10 v21H1 operating system, and Windows 11, to which this change has been backported.
Changed to:
<pbn-80> On Windows, the authentication level requested by the application is raised to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY ([MS-RPCE] section 2.2.1.1.8), if it is less than that. This behavior is supported in the specified operating systems that follow, each with its related KB article download installed: Windows 11, Windows 11 Refresh, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server v1809 operating system, Windows Server 2012 R2, Windows Server 2012 operating system, Windows Server 2008 operating system with Service Pack 2 (SP2), Windows 10 version 22H2 operating system, Windows 10 v21H2 operating system, Windows 10 v21H1 operating system, Windows 10 v20H2 operating system, Windows 10 v1809 operating system, Windows 10 v1909 operating system, Windows 10 v1607 operating system, Windows 10 v1507 operating system, and Windows 7 operating system with Service Pack 1 (SP1). |
|
2022/10/11 |
In Section 2.2.22.2.8.1 customREMOTE_REPLY_SCM_INFO
Description: Updated product behavior note 37 in section 2.2.22.2.8.1 to ensure that RPC_C_AUTHN_LEVEL_PKT_INTEGRITY authentication level will be the minimum auth level following evaluation of the authentication level of DCOM client calls. Also specified the operating systems that support this behavior.
Changed from:
<37> Section 2.2.22.2.8.1: On Windows, DCOM servers return an RPC authentication level that denotes the minimum authentication level at which the object exporter can be called. On Windows, DCOM clients make calls to object exporters at an authentication level that is at least as high as the authnHint returned from the object server.
Changed to: <37> Section 2.2.22.2.8.1: On Windows, DCOM servers return an RPC authentication level that denotes the minimum authentication level at which the object exporter can be called. On Windows, DCOM clients make calls to object exporters at an authentication level that is at least as high as the authnHint value returned from the object server, or the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level, whichever is greater. Including the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY authentication level in this evaluation is supported by the operating systems specified in [MSFT-CVE-2022-37978], each with its related KB article download installed. |
|
2022/10/04 |
Section 3.2.4.1.1.2 Issuing the Activation Request
Description: Updated to indicate that on Windows, the client can raise the authentication level requested by the application to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, if it is less than that. Also specified the operating systems that support this behavior.
Changed from: The client MUST specify the authentication level requested by the application, if one was supplied; otherwise, it MUST specify a default authentication level that is obtained in an implementation-specific manner.
Changed to: The client MUST specify the authentication level at least as high as what is requested by the application; that is, if one is requested. However, note that the client MAY raise the authentication level<pbn-80>. Otherwise, the client MUST specify a default authentication level that is obtained in an implementation-specific manner<pbn-81>.
<pbn-80>Updated; see below.
Updated product behavior note 80: Changed from: On Windows NT, Windows 2000, Windows XP, Windows XP SP1, and Windows Server 2003, DCOM clients specify RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call.
On Windows XP SP2, Windows Server 2003 with SP1, Windows Vista and later, and Windows Server 2008 and later, DCOM clients specify the higher of the LegacyAuthenticationLevel value (for more information, see [MSDN-LegAuthLevel]) and RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8) as the default authentication level value for the call.
The default activation authentication level is raised to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level on client side and the required activation authentication level needs to be at least at RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level for authenticated activation on the server side, as applicable to the Windows 7 operating system with Service Pack 1 (SP1), Windows Server 2008 R2 Service Pack 1 (SP1), Windows 8.1, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows 10, Windows Server 2022, Windows Server v1803 operating system, Windows Server v1809 operating system, Windows 10 v1607 operating system, Windows Server v1903 operating system, Windows Server 2019 Datacenter: Azure Edition (Turbine), Windows Server v1909 operating system, Windows Server v2004 operating system, Windows 10 v1803 operating system, Windows Server v20H2 Core operating system, Windows 10 v1809 operating system, Windows Server 2022 core, Windows 10 v1903 operating system, Windows 10 v1909 operating system, Windows 10 v2004 operating system, Windows 10 v20H2 operating system, Windows 10 v21H1 operating system, and Windows 11, to which this change has been backported.
Changed to: <pbn-80> On Windows, the authentication level requested by the application is raised to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY ([MS-RPCE] section 2.2.1.1.8), if it is less than that. This behavior is supported in the specified operating systems that follow, each with its related KB article download installed: Windows 11 (Sun Valley) Desktop, Windows 11 (Sun Valley) Desktop Refresh, Windows Server 2022 - Full/Core, Windows 10 Desktop v22H2, Windows 10 Desktop v21H2, Windows 10 Desktop v21H1, and Windows 10 Desktop v20H2. |