In 2021, CVE-2021-26414 was created to track a security vulnerability discovered in the Windows Distributed Component Object Model (DCOM) Remote Protocol. The Windows updates that were released in September 2021 and later address this vulnerability by including changes that will progressively increase security hardening in DCOM. We recommended that you verify if client or server applications that use DCOM or RPC work as expected with the hardening changes enabled. Some configurations might require action by June 14, 2022, to ensure normal operations.
When will this happen
Refer to the below timeline to understand the progressive hardening coming to DCOM in 2022.
- June 8, 2021: Hardening changes disabled by default but with the ability to enable them using a registry key.
- June 14, 2022: Hardening changes enabled by default but with the ability to disable them using a registry key.
- March 14, 2023: Hardening changes enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.
Message ID: MC354543
Created: 08 April 2022
Updated: 08 April 2022
Action required by: 14 June 2022
Platform: World tenant, Online