Deploy the patch always fail

bearandy 2023-03-17 03:06:31 UTC #1

Did anyone deploy the patch fail?
Disable hardening changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) - KB5004442
It seems just to add the registry. All action completed but still show fail.
2023-03-17 10 13 00

JasonWalker 2023-03-17 03:13:48 UTC #2

I’m.not sure that disabling that hardening is possible any more, per https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

The final phase of DCOM updates will be released in March 2023. It will keep the DCOM hardening enabled and remove the ability to disable it.

bearandy 2023-03-17 03:18:02 UTC #3

Thanks for your reply.
But the fixlet still relevance for many machines. If the fixlet will be removed?
It may confuse users if they have to deploy the patch.

JasonWalker 2023-03-17 03:56:08 UTC #4

That Fixlet should not have a default action, which is an indication that we should read the description and the release notes.

It’s still a valid Fixlet for those who have not applied the March roll-up package (or may need to remove the March roll-up if the new settings cause any major impacts)