As previously announced, security requirements will be increasing later this year for Windows devices which use the Distributed Component Object Model (DCOM) or Remote Procedure Call (RPC) server technologies. Windows updates released starting September 2021 address a vulnerability in the DCOM remote protocol by progressively increasing security hardening in DCOM throughout 2022. This is a second reminder that some server environments might require action before June 14, 2022, to ensure normal operations.
Refer to the below timeline to understand the progressive hardening coming to DCOM.
We recommended that IT administrators conduct testing by manually enabling hardening changes as soon as possible to confirm normal operations.
- June 8, 2021: Hardening changes disabled by default but with the ability to enable them using a registry key.
- June 14, 2022: Hardening changes enabled by default but with the ability to disable them using a registry key.
- March 14, 2023: Hardening changes enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.
Read more: