June 2022 Win Updates - All WMI Polled Hosts are Broken - DCOM Hardening KB5004442 — (CVE-2021-26414)

I'm really surprised this isn't a popular thread since the June 2022 Windows updates enforced DCOM hardening.

In a nutshell I now have hundreds of Windows WMI hosts with broken monitoring.

I assume many of you haven't deployed the June 2022 updates or you put the reg key in to disable DCOM hardening. Or, you're using Agents.

I only saw this semi related post - https://thwack.solarwinds.com/product-forums/network-performance-monitor-npm/f/forum/92607/dcom-errors-in-dc-after-patching

But, this is a Windows issue and not an Orion issue, unless the patch deploys the RequireIntegrityActivationAuthenticationLevel Reg Hack :D

Any feedback, anyone else get hit by this? All of my WMI polled hosts are dead, so its a semi crisis.

KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) (microsoft.com)

Parents
  • Hmm; I've got the June updates applied to all my Windows servers, and WMI polling is working normally on all of them. We don't have the "temp disable this" reg key in place either.

    We are running only Server 2019; which version(s) do you have in place?

    What version is your Orion platform?

Reply
  • Hmm; I've got the June updates applied to all my Windows servers, and WMI polling is working normally on all of them. We don't have the "temp disable this" reg key in place either.

    We are running only Server 2019; which version(s) do you have in place?

    What version is your Orion platform?

Children