wmic – RPC_C_AUTHN_LEVEL_PKT_INTEGRITY problem – KB5004442

[bpavesi]

Hello, this problem could affect quite a few wmic installations.

After security update KB5004442, Microsoft introduced some Hardening changes in DCOM.

Today the hardening is optional but after Q2 2022 it will be enabled by default and with no ability to disable it.

The problem is that the wmic tool doesn’t work with the hardening enable. In particular with this windows registry key set to 1:

Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat Value Name: "RequireIntegrityActivationAuthenticationLevel" Type: dword

This configuration raise the authentication level to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and seems that wmic is not able to support this configuration.

Someone can find a solution ?

Some links for further informations: – https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c – https://edcint.co.nz/checkwmiplus/forums/topic/wmic-rpc_c_authn_level_pkt_integrity/

Thank you

[TheWitness]

@bpavesi, Seems the project is dead maybe?