KB5014692


Microsoft’s latest updates for Windows Server, released on 14 June 2022, seem to have broken more things than they’ve fixed.

Earlier this month, the Redmond software giant released four updates for different Windows Server versions: KB5014746, KB5014692, KB5014699, and KB5014678.

Because the updates were meant to fix security issues, they tightened the security level of the host by raising the authentication level for the DCOM protocol.

The Distributed Component Object Model (DCOM) Remote Protocol exposes application objects via remote procedure calls (RPCs). The software components of networked devices use it to communicate with one another.

Admins who installed these updates soon started reporting a “wide range” of issues: losing Remote Desktop and VPN connectivity to servers with Routing and Remote Access Service (RRAS), including issues with VPN, problems managing collections of terminal servers, and RDP connectivity problems on endpoints with Routing. One of the issues was quite severe, the publication further wrote, as it resulted in servers freezing for a couple of minutes after a client connects to the RRAS server with SSTP.

 

Solution

Steps to disable the raised authentication level for the DCOM protocol:

Step 1: Open the registry on the source machine.

Step 2: Navigate to the following registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

Step 3: Right-click on the screen and create a new DWORD (32-bit) value.

Step 4: After it is created, rename the value name from New Value #1 to RequireIntegrityActivationAuthenticationLevel.

Step 5: Now, enter the data value in hexadecimal format, i.e., 0x00000000 to disable.

Step 6: Upon completing the steps above, restart the machine to apply the changes.

Refer to KB5004442 for more details: https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

*Note: The workaround above needs to be applied on all the machines (hypervisors) on which the update KB5014692 has been installed.
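The registry steps above as a scriptable check and change, written as an added PowerShell example (not from the original article or from Microsoft). It reports whether the value is set and which of the article's updates are installed, which also helps find hosts where the workaround should be reverted later. The function names are hypothetical; the key, value name and data 0 come from the steps above, and data 1 (enabled) is taken from KB5004442.

```powershell
# Added example; function names are illustrative. Run from an elevated session.
$Path = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$Name = 'RequireIntegrityActivationAuthenticationLevel'
$Kbs  = 'KB5014746', 'KB5014692', 'KB5014699', 'KB5014678'   # updates named in this article

function Get-DcomHardeningState {
    # Read the value; $null means the key or the value does not exist.
    $item  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$Name } else { $null }
    $state = if ($null -eq $value) { 'NotSet' }
             elseif ($value -eq 0) { 'Disabled (workaround active)' }
             elseif ($value -eq 1) { 'Enabled' }
             else                  { "Unexpected value: $value" }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        InstalledKBs = @(Get-HotFix -Id $Kbs -ErrorAction SilentlyContinue).HotFixID -join ','
        Value        = $value
        State        = $state
    }
}

function Set-DcomHardeningWorkaround {
    # Steps 2-5: create the key if needed, then write the DWORD (0 = disable, 1 = enable).
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet(0, 1)][int]$Value = 0)
    if (-not (Test-Path -Path $Path)) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create registry key')) {
            New-Item -Path $Path -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$Path\$Name", "Set DWORD to $Value")) {
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    }
}

# Report the current state, then preview the change only where an affected update is present.
$before = Get-DcomHardeningState
$before
if ($before.InstalledKBs) {
    Set-DcomHardeningWorkaround -Value 0 -WhatIf   # remove -WhatIf to apply, then restart (Step 6)
}
```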

 

Another way to repair

Uninstall the corresponding cumulative update for your Windows Server version.

Admins can do this by using one of the following commands:

Windows Server 2012 R2: wusa /uninstall /kb:5014746
Windows Server 2019: wusa /uninstall /kb:5014692
Windows Server 20H2: wusa /uninstall /kb:5014699
Windows Server 2022: wusa /uninstall /kb:5014678

However, given that Microsoft bundles all security fixes within a single update, removing this month's cumulative update may fix the bugs but will also remove all security patches for vulnerabilities addressed during the June Patch Tuesday.

Therefore, before uninstalling these updates, you should ensure that it is absolutely necessary and that reviving RDP or VPN connectivity on your servers is worth the increased security risks.

As we previously reported, Microsoft is also working on addressing another known issue affecting both client and server platforms, causing connectivity issues when using Wi-Fi hotspots after installing the June Windows updates.

Furthermore, this month's Windows updates may also cause backup issues on Windows Server systems, with some apps failing to back up data using Volume Shadow Copy Service (VSS).

Microsoft told BleepingComputer that admins can temporarily disable the NAT feature on RRAS servers to fix these problems until a fix is released.

 
