A new blog article tells the comprehensive story of the ongoing Distributed Component Object Model (DCOM) authentication hardening process: DCOM authentication hardening: What you need to know. This article explains the timeline of the phased rollout documented in KB5004442, and the key dates which ultimately lead to default enablement for the security of servers and client devices. Keep your organization protected with the latest Windows updates, enable or test DCOM authentication hardening, and monitor for compatibility with our troubleshooting guidance for several common scenarios for Windows devices.
When will this happen
As explained in KB5004442, the phased rollout of DCOM authentication hardening changes follows the timeline originally established since June 2021:
September 2021: The September 2021 update fixed several compatibility issues and introduced event logs for additional monitoring.
June 2022: All updates beginning with June 2022 programmatically enable the requirements of Packet Level Integrity (RPC_C_AUTHN_LEVEL_PKT_INTEGRITY), unless an admin manually disables them.
November 2022: The November 8 update will automatically raise authentication level for all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY if it’s below Packet Integrity.
March 2023: Finally, DCOM authentication hardening will be enabled by default to help prevent malicious actors from accessing your server and networked devices.
Message ID: MC447990
Action required by: 2022-03-23
Platform: World tenant