Many of us don’t truly understand it, nor can we diagnose DCOM errors in our event logs that don’t appear to have major impact to our networks. What is DCOM?ĭistributed Component Object Model (DCOM) is a Microsoft technology for communication between software components on networked computers. This level of integrity ensures that none of the data transferred between the client and server has been modified. Specifically, it phases in stronger authentication ( RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) on the DCOM client. The patch fixes and strengthens the authentication used between DCOM clients and servers. Next, the attacker will use that information to access and then compromise the DCOM server. What exactly is it fixing? A Japanese security bulletin offers some hints.Īccording to the bulletin, an attacker would first exploit a vulnerability by directing a DCOM client to connect to a specially crafted server in some way, typically by sending a phishing email to a user to gain a hold on the system. It updates a patch fixing an issue for a DCOM Server security feature bypass (CVE-2021-26414). Microsoft’s June security update is light on details but heavy on possible long-term impact to network environments.