I found one reference to someone else encountering the same. Our only solution has been to roll back the patch on our DC. Having read up on Microsoft's transition to a minimum of Packet Integrity for DCOM authentication (see June's KB5004442 and the DCOM issue described in CVE-2021-26414), it would appear that, at least in Server 2019, this feature has been enabled prematurely (Supposed to be Q1 2022 based on the timeline in the KB5004442) and the described reg entry to temporarily bypass the DCOM update does not work (it is supposed to be valid all of 2022 after the feature is enabled). After applying, we started receiving many DCOM error events 10036 (Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application) for a user id function on our Palo Alto FW (It uses a service account to resolve user identification from AD). We recent applied KB5005568 (Sept 21 update) to one of our Server 2019 DCs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |