In June 2022 Microsoft has addresed a DCOM volurability that allows bypassing some security mechanisms. These vulnerability was first addressed in June 2021. But hardening changes were disabled by default. Since 14th of June 2022 the hardening changes are enabled by default – but could be disabled by a registry key. Be aware that on 14th of March 2023 there is no way of disabling these changes.
I think Veeam will address this issue in one of the next updates.
After installing the Windows Hotfix you see following exception in Veeam Backup
You’ll also receive an event entry on the Server side:
On the Client Side you receive two events:
| Event ID | Message |
|---|---|
| 10037 | “Application %1 with PID %2 is requesting to activate CLSID %3 on computer %4 with explicitly set authentication level at %5. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor.” |
| 10038 | “Application %1 with PID %2 is requesting to activate CLSID %3 on computer %4 with default activation authentication level at %5. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor.” (%1 – Application Path, %2 – Application PID, %3 – CLSID of the COM class the application is requesting to activate, %4 – Computer Name, %5 – Value of Authentication Level) |
To get Veeam Backup running again, one registry key must be set:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat" /v RequireIntegrityActivationAuthenticationLevel /t REG_DWORD /d 0 /fAfter adding the key you have to reboot your server.
Schreibe einen Kommentar