DCOM Security

Hello,

After installing update KB5004442 we have an issue with PRTG: "The server-side authentication level policy does not allow the user %user% from address #### to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application."

Microsoft has information on this: https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

This function cannot be deactivated for safety reasons.

Does PRTG have a solution for this issue?

dcom security wmi

Created on Oct 6, 2021 8:09:26 AM by  z2deker (0) 1



6 Replies

Hey,

This is currently a bug which is caused by this update. We already opened up a bug ticket for our developers. Currently we need to ask you for a little patience as we don't know when the issue will be fixed.


Kind regards,
Marijan Horsky, Team Tech Support

Created on Oct 7, 2021 11:36:44 AM by  Marijan Horsky [Paessler Support]



Hello Team Tech Support,

Has the problem described above been fixed?

Best Regards, Andrey

Created on Oct 29, 2021 2:59:33 PM by  Maksim Aga (0) 1



Hi,

The issue should be fixed by Microsoft in Q1 2022.
More information about this can be found here.


Kind regards,
Marijan Horsky, Team Tech Support

Created on Nov 1, 2021 9:28:08 AM by  Marijan Horsky [Paessler Support]



Marijan, that's not what the Microsoft document says. It says: "If you find issues during testing, you must contact the vendor for the affected client or server software for an update or workaround before early 2022."

So what we are doing here, is contacting you. And you're saying Microsoft is going to fix it. All Microsoft has done is provide a registry key to disable the requirement - for the time being.

Created on Nov 2, 2021 11:06:34 PM by  duanef (0) 1



Hey,

There is not much we can do on the PRTG side. Basically, with the first fix, Microsoft most probably messed up the default auth level resolve mechanism in DCOM, which PRTG also uses, as most software should. So on our side we cannot do much more, as Microsoft needs to fix this issue and not all other software vendors.


Kind regards,
Marijan Horsky, Team Tech Support

Created on Nov 5, 2021 1:07:44 PM by  Marijan Horsky [Paessler Support]



FYI:

How does Microsoft plan to address this vulnerability?

Microsoft is addressing this vulnerability in a phased rollout. The initial deployment phase starts with the Windows updates released on June 8, 2021. The updates will enable customers to verify that any client/server applications in their environment work as expected with the hardening changes enabled.

The second phase, planned for an early Q1 2022 release, programmatically enables the hardening on DCOM servers by default that can be disabled via the RequireIntegrityActivationAuthenticationLevel registry key if necessary.

The third phase, planned for Q2 2022, enables the hardening on DCOM servers by default and will no longer have the ability to be disabled.

Are there system events available that will help me identify the client devices that will be impacted by the change?

Yes. See the New DCOM error events section of Managing changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414).

Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

Created on Jan 20, 2022 5:33:50 PM by  Patrick_K (0) 1
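
The registry key and the DCOM error events mentioned in this thread can be checked on the monitored Windows host as follows. This is an added example, not part of any post above and not Paessler's or Microsoft's code. It assumes the registry path `HKLM\SOFTWARE\Microsoft\Ole\AppCompat`, the value meanings (1 = enabled, 0 = disabled) and System event ID 10036, all as documented in Microsoft's KB5004442 article rather than on this page.

```powershell
# Added example: run on the Windows machine hosting the DCOM/WMI server that the
# monitoring probe queries. Read-only; it changes nothing.

# Assumption: path and value meanings as documented in KB5004442.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$valueName = 'RequireIntegrityActivationAuthenticationLevel'

$item  = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
$state = if ($null -eq $item) {
    'not set (OS default for the installed rollout phase applies)'
} elseif ($item.$valueName -eq 1) {
    'hardening enabled'
} else {
    'hardening disabled (no longer possible after the third phase)'
}
Write-Output "$valueName : $state"

# Assumption: server-side rejections are logged in the System log as event 10036.
# The pattern matches the message text quoted in the question above.
$pattern = 'does not allow the user (?<User>.+?) from address (?<Address>\S+) to activate DCOM server'

$rejected = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10036 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.Message -match $pattern) {
            [pscustomobject]@{
                Address  = $Matches['Address']
                User     = $Matches['User']
                TimeSeen = $_.TimeCreated
            }
        }
    }

# One row per client address and account, most frequent first.
$rejected |
    Group-Object -Property Address, User |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'LastSeen'; Expression = { ($_.Group.TimeSeen | Measure-Object -Maximum).Maximum } }
```

Each row names a client (for example a PRTG probe) whose activation requests were rejected for using an authentication level below RPC_C_AUTHN_LEVEL_PKT_INTEGRITY.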


