Forum Discussion

Advisor

3 years ago

KB5004442: Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

Will Logicmonitor be affected by KB5004442: Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) and are we required to perform any steps ? Is there any official co...

Julian

3 years ago

We are currently experiencing an issue relating to this KB.

There are several Event Logs coming in with the following message:
Message: The server-side authentication level policy does not allow the user <domain>\<service_account> SID (<SID>) from address 10.20.23.25 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.

The event can be suppressed, but the cause of the issue is on the collector side. It seems that the collector would need to be updated.

Please let me know if I'm misinformed.

Forum Discussion

KB5004442: Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

Related Content

Important Security Announcement

LogicMonitor Portal Security

"Enable Test Script" UIv4 security experiences?

Security Hardening of LM

LogicMonitor Security Best Practices

Recent Discussions

Provide LogicMonitor explicit URLs for whitelisting to enable outbound connectivity

Topology Map Icons

Cycle Alerting when SDT is set

Feature Request: Poll Now - evaluate complex data points

Cisco Stack Switchs