Closed zingaro1972 closed 2 years ago
You've got to check with https://edcint.co.nz/checkwmiplus/ about this. This repository is only to have a stable download link for a given version. Additionally, we're not using this any longer, so I wouldn't be able to help you out anyway, sorry.
I noted that after update Windows with the last patch , the EVENT ID return this new ID EVENT: The server-side authentication level policy does not allow the user DOMAIN\USER SID (S-SIDDETAILS) from address a.b.c.d to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application...
I noted the the issus are generated from check_wmi_plus plugin..
it's possible solve that problem during plugin execution ?
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c