DCOM is a Windows 11/10 component that taps into remote procedure calls (RPCs) to show application components and create communication between devices on a network. In June 2021, Microsoft confirmed there was a vulnerability in DCOM.
Specifically, CVE-2021-26414 was a flaw that could allow threat actors to exploit DCOM. Microsoft fixed the issue and has been making tweaks to the model since. The company's goal has been to strengthen DCOM.
It is these changes the company is making mandatory in less than a month.
One of the first steps Microsoft took was shortly after the disclosure of the vulnerability when the company turned off DCOM by default. A year later, in June 2022, the company was back with an update that once again made DCOM on by default. However, now there is an option to disable the feature on Windows 11 and 10.
Those and other “hardening” modifications will become default on March 14, 2023, which will be the March 2023 Patch Tuesday. Microsoft says following the mandatory change, users will no longer be able to disable them.
Users can make the DCOM changes ahead of time by doing these steps:
- “Enable DCOM Hardening: Set the RequireIntegrityActivationAuthenticationLevel registry key to 1 for all DCOM servers.
- Raise Authentication Level: Set the RaiseActivationAuthenticationLevel registry key to 2 for all Windows-based DCOM clients.”
Microsoft says any enterprise customers who have issues during the process should contact their client or server software provider.
Tip of the day: The Windows Sandbox gives Windows 10/11 Pro and Enterprise users a safe space to run suspicious apps without risk. In out tutorial we show you how to enable the Windows Sandbox feature.