Reputation: 2194
Our clients are having issues with DCOM errors and the issues appear related to the so-called "DCOM hardening" (CVE-2021-26414) (KB5004442). So we need to change our DCOM server processes and DCOM client processes so that they work now and they work on March 14th 2023 (the scheduled "no ability to disable them" date).
I am not sure what changes need to be made. I think that the only required change is to add a call to CoInitializeSecurity after the call to CoInitializeEx, in both the server and the client.
HRESULT hrCoInit = CoInitializeEx(nullptr, COINIT_APARTMENTTHREADED);
/* Note: CoInitializeSecurity returns RPC_E_TOO_LATE
** instead of S_OK if it is called more than once.
** But we don't always know if this call is the
** first call to CoInitializeSecurity,
** so we ignore the return value. */
HRESULT hrCoInitSecure = CoInitializeSecurity(
    nullptr, -1, nullptr, nullptr,
    RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
    RPC_C_IMP_LEVEL_IMPERSONATE,
    nullptr, EOAC_NONE, nullptr);
Could someone confirm this? If not, I would appreciate it if you could tell me which "Co" functions should be called. Thank you.
Upvotes: 0
Views: 846
Reputation: 2194
According to this, both client and server can call CoInitializeSecurity and use RPC_C_AUTHN_LEVEL_PKT_INTEGRITY.
Upvotes: 0
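An added example (not code from the original posts) that extends the snippet in the question by distinguishing RPC_E_TOO_LATE from other failures instead of discarding the result. `ComSecurity`, `ClassifySecurityInit` and `InitComWithIntegrity` are hypothetical names, and the non-Windows branch is a stand-in so the classification can be compiled and tested off Windows.

```cpp
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <objbase.h>
#else
// Off Windows: stand-in definitions (values as in winerror.h) so the
// classification logic below still compiles and can be unit-tested.
using HRESULT = std::int32_t;
constexpr HRESULT S_OK = 0;
constexpr HRESULT RPC_E_TOO_LATE = static_cast<HRESULT>(0x80010119);
#endif

// Hypothetical names introduced for this example.
enum class ComSecurity { Applied, AlreadySet, Failed };

// Map the CoInitializeSecurity result to what the caller should do next.
ComSecurity ClassifySecurityInit(HRESULT hr) {
    if (hr == S_OK) return ComSecurity::Applied;               // our settings are in effect
    if (hr == RPC_E_TOO_LATE) return ComSecurity::AlreadySet;  // earlier settings stay in effect
    return ComSecurity::Failed;                                // any other error: do not continue silently
}

#ifdef _WIN32
// Initialize COM on this thread, then request packet integrity process-wide.
// Unless Failed is returned, the caller owns a matching CoUninitialize().
ComSecurity InitComWithIntegrity() {
    HRESULT hr = CoInitializeEx(nullptr, COINIT_APARTMENTTHREADED);
    if (FAILED(hr)) return ComSecurity::Failed;  // S_FALSE (already initialized) is not a failure
    hr = CoInitializeSecurity(nullptr, -1, nullptr, nullptr,
                              RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
                              RPC_C_IMP_LEVEL_IMPERSONATE,
                              nullptr, EOAC_NONE, nullptr);
    ComSecurity result = ClassifySecurityInit(hr);
    if (result == ComSecurity::Failed) CoUninitialize();  // balance CoInitializeEx
    return result;
}
#endif

int main() {
#ifdef _WIN32
    ComSecurity r = InitComWithIntegrity();
#else
    ComSecurity r = ClassifySecurityInit(RPC_E_TOO_LATE);  // constructed input
#endif
    if (r == ComSecurity::AlreadySet)
        std::puts("security already initialized; verify the level in effect");
    return r == ComSecurity::Failed ? 1 : 0;
}
```

When the result is `AlreadySet`, the process keeps whatever security settings were established first, so the authentication level in effect may not be RPC_C_AUTHN_LEVEL_PKT_INTEGRITY.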