This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

June 2022 Win Updates - All WMI Polled Hosts are Broken - DCOM Hardening KB5004442 — (CVE-2021-26414)

I'm really surprised this isn't a popular thread since the June 2022 Windows updates enforced DCOM hardening.

In a nutshell I now have hundreds of Windows WMI hosts with broken monitoring.

I assume many of you haven't deployed the June 2022 updates or you put the reg key in to disable DCOM hardening. Or, you're using Agents.

I only saw this semi related post - https://thwack.solarwinds.com/product-forums/network-performance-monitor-npm/f/forum/92607/dcom-errors-in-dc-after-patching

But, this is a Windows issue and not an Orion issue, unless the patch deploys the RequireIntegrityActivationAuthenticationLevel Reg Hack :D

Any feedback, anyone else get hit by this? All of my WMI polled hosts are dead, so its a semi crisis.

KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) (microsoft.com)

Parents
  • Hi

    I thought I got this issue on two of our servers. WMI started failing on those servers just as the patch got installed and server rebooted. But another reboot "fixed" the issue. So no need to add the reg hack, just a reboot for us.

Reply
  • Hi

    I thought I got this issue on two of our servers. WMI started failing on those servers just as the patch got installed and server rebooted. But another reboot "fixed" the issue. So no need to add the reg hack, just a reboot for us.

Children