
CVE-2021-26414 - Changes in Windows Distributed Component Object Model (DCOM)

This article applies to the following products:

  • Messageware AttachView 2019
  • Messageware AttachView 2016
  • Messageware AttachView 2013

 


SUMMARY

The updates for CVE-2021-26414 progressively harden the Windows Distributed Component Object Model (DCOM) Remote Protocol against security issues discovered in it.

Microsoft recommended verifying that applications which use DCOM or RPC still work, because configurations might require action by June 14, 2022, to ensure normal operations.

Software may be tested by enabling the enhanced security in the server registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
  • RequireIntegrityActivationAuthenticationLevel = 0x00000001

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c?preview=true
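
One way to check and apply the test setting above and then look for DCOM failures while exercising the application. This is an added example, not Messageware or Microsoft code: the function names are hypothetical, and the DWORD value type, the restart requirement and event IDs 10036 to 10038 are taken from Microsoft's KB5004442 rather than from this article.

```powershell
# Added example (hypothetical function names); run from an elevated prompt.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$ValueName = 'RequireIntegrityActivationAuthenticationLevel'

function Get-DcomHardeningSetting {
    # 'NotConfigured' means the default of the installed update applies.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    $value = $item.$ValueName
    if ($value -eq 1) { return 'Enabled' }
    return ('Value=0x{0:X8}' -f $value)
}

function Enable-DcomHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $KeyPath) -and $PSCmdlet.ShouldProcess($KeyPath, 'Create key')) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set DWORD 0x00000001')) {
        # DWORD type and the restart requirement are per Microsoft KB5004442.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Warning 'Restart the server for the setting to take effect.'
    }
}

function Get-DcomHardeningEvent {
    # DCOM hardening errors (IDs per KB5004442, not listed in this article):
    # 10036 is logged on the server, 10037 and 10038 on the client.
    param([int]$LastHours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddHours(-$LastHours)
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

Get-DcomHardeningSetting
Enable-DcomHardening -WhatIf   # drop -WhatIf to write the value
Get-DcomHardeningEvent -LastHours 24
```

An empty result from Get-DcomHardeningEvent after the restart and a full functional test of the application indicates that no DCOM activation was rejected by the hardening.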

 

Expected Timeline:

| Update release | Behavior change |
|---|---|
| June 8, 2021 | Hardening changes disabled by default but with the ability to enable them using a registry key. |
| June 14, 2022 | Hardening changes enabled by default but with the ability to disable them using a registry key. |
| March 14, 2023 | Hardening changes enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment. |

 


SOLUTION

  • No action is required.
  • Messageware AttachView was tested with the enhanced security option enabled in the server registry.