Windows patch KB5014692 breaks WMI for User-ID
Environment:
- Microsoft Windows Server 2019 with patch KB5014692 applied
Note: WMI (Windows Management Instrumentation) is configured under GUI: Device > User Identification > User Mapping > Server Monitoring > Transport Protocol: 'WMI'
Cause
On June 14, 2022, Microsoft released patch KB5004442 for Windows Server to address the vulnerability described in CVE-2021-26414. This patch enables new 'hardened security' for WMI and is having an impact on all vendors.
Info from Microsoft: KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)
Resolution
- The permanent solution is to switch to WinRM as the transport protocol instead of WMI.
- A temporary workaround is available until March 14, 2023. On the Windows Server, follow Microsoft's instructions to disable the hardening change. Modify the following registry value and set it to disabled:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
- Value Name: "RequireIntegrityActivationAuthenticationLevel"
- Type: dword
- Value Data: 0x00000000 means disabled; 0x00000001 means enabled.
Note: You must enter Value Data in hexadecimal format.
Important: You must restart the device after setting this registry key for it to take effect.
KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)
Summary
The Distributed Component Object Model (DCOM) Remote Protocol is a protocol for exposing application objects using remote procedure calls (RPCs). DCOM is used for communication between the software components of networked devices.
Hardening changes in DCOM were required for CVE-2021-26414. Therefore, we recommended that you verify if client or server applications in your environment that use DCOM or RPC work as expected with the hardening changes enabled.
To address the vulnerability described in CVE-2021-26414, you must install updates released September 14, 2021 or later on client and server computers. If you have not installed the June 14, 2022 or later update, you must also enable the registry key described below in your environment for servers. We recommended that you complete testing in your environment and enable these hardening changes as soon as possible. If you find issues during testing, you must contact the vendor for the affected client or server software for an update or workaround before early 2022.
Note: We recommend that you update your devices to the latest security update available to take advantage of the advanced protections from the latest security threats.
Timeline

| Update release | Behavior change |
|---|---|
| June 8, 2021 | Hardening changes disabled by default but with the ability to enable them using a registry key. |
| June 14, 2022 | Hardening changes enabled by default but with the ability to disable them using a registry key. |
| November 8, 2022 | This update will automatically raise the authentication level for all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY if it is below Packet Integrity. With this change, most Windows DCOM client applications will automatically work with the DCOM hardening change on the server side without any modification to the DCOM client applications. |
| March 14, 2023 | Hardening changes enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment. |
Registry setting to enable or disable the hardening changes
During the timeline phases in which you can enable or disable the hardening changes for CVE-2021-26414, you can use the following registry key:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
- Value Name: "RequireIntegrityActivationAuthenticationLevel"
- Type: dword
- Value Data: default = 0x00000000 means disabled; 0x00000001 means enabled. If this value is not defined, it will default to enabled.
Note: You must enter Value Data in hexadecimal format.
Important: You must restart your device after setting this registry key for it to take effect.
Note: Enabling the registry key above will make DCOM servers enforce an Authentication-Level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or higher for activation.
Note: This registry value does not exist by default; you must create it. Windows will read it if it exists and will not overwrite it.
Registry settings to raise the activation authentication level
You can use the following registry key to raise the activation authentication level.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
- Value Name: "RaiseActivationAuthenticationLevel"
- Type: dword
- Value Data: 1 means raise the default authentication level to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. 2 means raise the authentication level for all non-anonymous activation requests to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY if it is below Packet Integrity. This includes the explicitly set authentication level in activation functions, such as CoCreateInstanceEx. If this value is not defined, it will default to 1 (before November 8, 2022) and 2 (after November 8, 2022).
Note: You must enter Value Data in hexadecimal format.
Important: You must restart your device after setting this registry key for it to take effect.
Note: This registry value does not exist by default; you must create it. Windows will read it if it exists and will not overwrite it.
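As an added example (not code from the Palo Alto or Microsoft articles), the following PowerShell reads the two values described in the registry sections above and reports the effective hardening state, applying the documented defaults when a value has not been created; the function names are assumptions.

```powershell
# Added example, not from the Palo Alto or Microsoft articles.
# Reports the effective DCOM hardening state from the registry values
# documented above. Absent values take the documented defaults:
# RequireIntegrityActivationAuthenticationLevel -> enabled (1),
# RaiseActivationAuthenticationLevel -> 2 (after November 8, 2022).
$DcomAppCompat = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'

function Get-DcomHardeningState {
    $key = Get-Item -Path $DcomAppCompat -ErrorAction SilentlyContinue
    $require = $null
    $raise   = $null
    if ($key) {
        # RegistryKey.GetValue returns $null when the value does not exist
        $require = $key.GetValue('RequireIntegrityActivationAuthenticationLevel')
        $raise   = $key.GetValue('RaiseActivationAuthenticationLevel')
    }
    $effRequire = if ($null -eq $require) { 1 } else { [int]$require }
    $effRaise   = if ($null -eq $raise)   { 2 } else { [int]$raise }
    [pscustomobject]@{
        KeyExists                   = [bool]$key
        RequireIntegrity_Configured = $require      # $null = value not created
        RequireIntegrity_Effective  = $effRequire   # 1 = server enforces PKT_INTEGRITY
        RaiseLevel_Configured       = $raise
        RaiseLevel_Effective        = $effRaise     # 2 = client raises all requests
        HardeningEnforced           = ($effRequire -eq 1)
    }
}

# Temporary workaround only (no longer honoured after March 14, 2023):
# set RequireIntegrityActivationAuthenticationLevel to 0 and reboot.
# Re-enable with -Enabled $true once User-ID has been moved to WinRM.
function Set-DcomIntegrityRequirement {
    param([Parameter(Mandatory)][bool]$Enabled)
    if (-not (Test-Path $DcomAppCompat)) { New-Item -Path $DcomAppCompat -Force | Out-Null }
    New-ItemProperty -Path $DcomAppCompat -Name 'RequireIntegrityActivationAuthenticationLevel' `
        -PropertyType DWord -Value ([int]$Enabled) -Force | Out-Null
    Write-Warning 'Restart the server for the change to take effect.'
    Get-DcomHardeningState
}

Get-DcomHardeningState
```

Both functions must run in an elevated session; the second one is only meaningful while Microsoft still honours the value.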
New DCOM error events
To help you identify the applications that might have compatibility issues after we enable the DCOM security hardening changes, we added new DCOM error events in the System log; see the tables below. The system will log these events if it detects that a DCOM client application is trying to activate a DCOM server using an authentication level that is less than RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. You can trace to the client device from the server-side event log and use client-side event logs to find the application.

Server events

| Event ID | Message |
|---|---|
| 10036 | "The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application." (%1 = domain, %2 = user name, %3 = user SID, %4 = client IP address) |

Client events

| Event ID | Message |
|---|---|
| 10037 | "Application %1 with PID %2 is requesting to activate CLSID %3 on computer %4 with explicitly set authentication level at %5. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor." |
| 10038 | "Application %1 with PID %2 is requesting to activate CLSID %3 on computer %4 with default activation authentication level at %5. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor." (%1 = application path, %2 = application PID, %3 = CLSID of the COM class the application is requesting to activate, %4 = computer name, %5 = value of authentication level) |
Availability
These error events are only available for a subset of Windows versions; see the table below.

| Windows version | Available on or after these dates |
|---|---|
| Windows Server 2022 | September 27, 2021 |
| Windows 10, version 2004; Windows 10, version 20H2; Windows 10, version 21H1 | September 1, 2021 |
| Windows 10, version 1909 | August 26, 2021 |
| Windows Server 2019; Windows 10, version 1809 | August 26, 2021 |
| Windows Server 2016; Windows 10, version 1607 | September 14, 2021 |
| Windows Server 2012 R2 and Windows 8.1 | October 12, 2021 |
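As an added example (not code from the Microsoft article), the following PowerShell collects the 10036/10037/10038 events described above and summarises which client addresses or applications are still activating below RPC_C_AUTHN_LEVEL_PKT_INTEGRITY; it assumes that the event record's Properties collection exposes the message parameters %1..%5 in order, and the function name and parameters are assumptions.

```powershell
# Added example, not from the Microsoft article.
# Collects the DCOM hardening events documented above (10036 on the DCOM
# server; 10037/10038 on the client) and summarises who is still activating
# below RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. Assumption: the event's Properties
# collection exposes the message parameters %1..%5 in order.
function Get-DcomHardeningEvents {
    param([int]$Days = 7, [string]$ComputerName = $env:COMPUTERNAME)
    $filter = @{
        LogName   = 'System'
        Id        = 10036, 10037, 10038
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = @($_.Properties.Value)
            if ($_.Id -eq 10036) {
                # Server side: %1 domain, %2 user, %3 SID, %4 client IP address
                [pscustomobject]@{
                    Time = $_.TimeCreated; Id = $_.Id; Role = 'server'
                    Source = $p[3]; Account = "$($p[0])\$($p[1])"; Sid = $p[2]
                    Application = $null; Clsid = $null; Level = $null
                }
            } else {
                # Client side: %1 app path, %2 PID, %3 CLSID, %4 computer, %5 level
                [pscustomobject]@{
                    Time = $_.TimeCreated; Id = $_.Id; Role = 'client'
                    Source = $p[3]; Account = $null; Sid = $null
                    Application = "$($p[0]) (PID $($p[1]))"; Clsid = $p[2]; Level = $p[4]
                }
            }
        }
}

# Which client addresses (server side) or applications (client side) keep
# failing; each group is one vendor follow-up or one WinRM migration.
Get-DcomHardeningEvents -Days 30 |
    Group-Object Id, Source, Application |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Run it on the Windows Server that User-ID polls to see the firewall's address under event 10036, and on a client to see which application and CLSID triggered 10037/10038.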
How to Check CentOS Version
How to Check CentOS Version From Command Line
lsb Command to Display Details of CentOS Linux Release
LSB (Linux Standard Base) is a joint project of several Linux distributions to standardize software system structure. One of the commands it makes available from the command line is lsb_release. Its output will indicate which OS version you are running.
1. Before you can use lsb commands, you have to install the package first. Use the following command:
# sudo yum install redhat-lsb-core
2. Type in your sudo password to authorize the installation and then press Y and Enter to confirm.
3. Once you have installed it, you can check your CentOS/RHEL version with the command:
# lsb_release -d
or
# lsb_release -a
Find CentOS Version with the hostnamectl Command
On CentOS 7 and later, the hostnamectl command is used to query and set the Linux system hostname and to show other system-related information, such as the operating system release version.
It displays information from the /etc/centos-release file, the output of uname -a, and other sources.
In addition to version number, it indicates which Linux kernel your system is using.
To see these specifics, use the command:
# hostnamectl
Find CentOS Version with RPM
RPM (Red Hat Package Manager) is a popular open-source core package management utility for Red Hat-based systems (RHEL, CentOS, Fedora).
With the rpm command, you can find out the full package name and the release version of CentOS you are running.
Use the command:
# rpm -qa centos-release
or
# rpm -ql centos-release | grep release$
or
# rpm -qf /etc/redhat-release
Check CentOS Version in Release File
To check which Linux distro and major release version you have installed, open the release file using the command:
# cat /etc/os-release
The output reveals the name of the operating system, its major release version, and other specifics, as displayed in the image below.
Check Linux Kernel Version in CentOS
Knowing the kernel version you are running is often as useful as finding the release version.
Find out which Linux kernel version you are running with the command:
# uname -r
or
# uname -s -r
The output you receive is the version number of the kernel of your operating system.
The four files listed below provide the release version of the CentOS/Red Hat OS:
/etc/centos-release
/etc/os-release
/etc/redhat-release
/etc/system-release
Error HRESULT: 0x80070520 when adding SSL binding in IIS
Error: There was an error while performing this operation.
Details:
A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
You can generate a PFX that bundles the certificate with its private key using openssl:
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
The key file is just a text file with your private key in it.
If you have a root CA and intermediate certs, include them as well. openssl pkcs12 reads a single -in file (a repeated -in only keeps the last one), so put the chain certificates in one file and pass it with -certfile:
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -certfile chain.crt
Here chain.crt is a PEM file containing intermediate.crt followed by rootca.crt.
If you're looking for a Windows graphical user interface, check out the DigiCert Certificate Utility for Windows. It is a fairly simple program with an easy interface. On the SSL tab, import the generated certificate. Then, after selecting the certificate, you can export the file as PFX with or without a key.
https://www.digicert.com/util
This program can also repair a certificate that was imported with an error.
How to create .pfx file from certificate and private key?
1. Open web page -
2. Select Type of Current Certificate
Your certificate should be issued in Standard PEM format. Common PEM extensions include .cer, .crt, and .pem. Make sure Type of Current Certificate is set to “Standard PEM”.
3. Select Type to Convert To
Select “PFX/PKCS#12” as the Type to Convert To.
4. Upload Certificate
Locate Certificate File to Convert and click the Choose File button to upload your certificate. This file should be the certificate that is issued to your web server domain.
5. Upload Private Key
Locate Private Key File and click the Choose File button to upload the file.
6. Upload Chain Certificate Files
Locate Chain Certificate File and click Choose File to upload the CA intermediate certificate. The appropriate certificate depends on which brand of SSL certificate you have, so make sure you have the correct intermediate certificate before you upload your file.
8. PFX Password
Create a new password for your PFX file. You will need to remember this password when you install the PFX file on your system.
9. Convert Certificate
Once you have uploaded the certificate and key files, click the Convert Certificate button to complete the process and download your new PFX file.
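For both PFX-creation methods above (openssl and the web converter), an added PowerShell check (not code from either article) that inspects the resulting PFX before it is imported for the IIS binding: it confirms the end-entity certificate still carries its private key, is not expired and names the site, and reports how many chain certificates were bundled; the function name, the placeholder path and the DNS name are assumptions.

```powershell
# Added example, not from the articles above. Inspects a PFX before it is
# imported for an IIS binding: the end-entity certificate must carry its
# private key (otherwise it was exported without the key), should not be
# expired, and should name the site. Path and password are placeholders.
function Test-PfxForIis {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$ExpectedDnsName
    )
    $pfx  = Get-PfxData -FilePath $Path -Password $Password    # PKI module cmdlet
    $leaf = $pfx.EndEntityCertificates | Select-Object -First 1
    $problems = @()
    if (-not $leaf) {
        $problems += 'PFX contains no end-entity certificate'
    } else {
        if (-not $leaf.HasPrivateKey) {
            $problems += 'end-entity certificate has no private key; re-export with -inkey'
        }
        if ($leaf.NotAfter -lt (Get-Date)) {
            $problems += "certificate expired on $($leaf.NotAfter)"
        }
        if ($ExpectedDnsName) {
            # 2.5.29.17 is the Subject Alternative Name extension
            $san   = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $names = if ($san) { $san.Format($true) } else { $leaf.Subject }
            if ($names -notmatch [regex]::Escape($ExpectedDnsName)) {
                $problems += "$ExpectedDnsName not present in subject or SAN"
            }
        }
    }
    [pscustomobject]@{
        Subject       = if ($leaf) { $leaf.Subject } else { $null }
        Thumbprint    = if ($leaf) { $leaf.Thumbprint } else { $null }
        HasPrivateKey = [bool]($leaf -and $leaf.HasPrivateKey)
        ChainCerts    = @($pfx.OtherCertificates).Count   # intermediates/root bundled
        Problems      = $problems
        Ok            = ($problems.Count -eq 0)
    }
}

# Usage with a placeholder path; prompts for the PFX password.
# Test-PfxForIis -Path 'C:\certs\domain.name.pfx' `
#     -Password (Read-Host -AsSecureString 'PFX password') -ExpectedDnsName 'domain.name'
```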