Skip to main content
commvault.com commvault.com
Solved

DCOM Hardening CVE-2021-26414

  • July 1, 2022
  • 7 replies
  • 414 views
S
Novice
Forum|alt.badge.img+4

Has anyone inquired if Commvault will be affected by this once to security is fully put in place on March 2023?

Best answer by DMCVault

@ShaneHicks I dug into it, and found that we had recently tested this MS fix, and confirmed no impact on Commvault.  Let us know if you have further questions.

7 replies

Mike Struening
Vaulter
Forum|alt.badge.img+22

@ShaneHicks , I’m not seeing anything in our docs or incidents.

I’ll check with @DMCVault who would know.

https://www.linkedin.com/in/michael-struening
S
Mike Struening
Vaulter
Forum|alt.badge.img+22

@ShaneHicks , I talked to @DMCVault who mentioned the fix for this is to apply Windows updates.

From MSFT:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

I can’t find anything showing we are affected, though there’s a remediation available.

https://www.linkedin.com/in/michael-struening
D
Vaulter
Forum|alt.badge.img+7
  • DMCVaultVaulter
  • Vaulter
  • July 1, 2022

@ShaneHicks  we dont think this will have any effects on our software, but we will validate just to be sure.

S
S
Novice
Forum|alt.badge.img+4
  • ShaneHicksNovice
  • Author
  • Novice
  • July 1, 2022

Yes please do @DMCVault . We just want to make sure that in March 2023 when the component is not available anymore that Commvault will be ok.

I agree with that it probably will not affect CV but wanted to make sure.

D
Vaulter
Forum|alt.badge.img+7
  • DMCVaultVaulter
  • Vaulter
  • Answer
  • July 5, 2022

@ShaneHicks I dug into it, and found that we had recently tested this MS fix, and confirmed no impact on Commvault.  Let us know if you have further questions.

S
S
Novice
Forum|alt.badge.img+4
  • ShaneHicksNovice
  • Author
  • Novice
  • July 6, 2022

Thank you @DMCVault for your help.

Mike Struening
D
M
Novice
Forum|alt.badge.img
  • MattyLNovice
  • Novice
  • August 19, 2022

I recently had to disable the hardening in order to install CV agents onto a Hyper-V host from the CommServe. With hardening enabled on other hosts, I had to copy the packages to the host and run CV setup locally.


Not being able to remotely push out client installs from CV isn’t great. 

So I think there is an impact, though perhaps additional testing / understanding is required. 

 

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c


Personally, I”m going to engage my local CV team and log a case to investigate this further.

Mike Struening
Terms & ConditionsCookie settingsAccessibility statement