search

speartail / checkwmiplus

Check WMI Plus is a client-less Nagios plugin for checking Windows systems
3 stars 5 forks source link

EVENT Windows #2

Closed zingaro1972 closed 2 years ago

zingaro1972 commented 2 years ago

I noted that after update Windows with the last patch , the EVENT ID return this new ID EVENT: The server-side authentication level policy does not allow the user DOMAIN\USER SID (S-SIDDETAILS) from address a.b.c.d to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application...

I noted the the issus are generated from check_wmi_plus plugin..

it's possible solve that problem during plugin execution ?

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

peterhoeg commented 2 years ago

You've got to check with https://edcint.co.nz/checkwmiplus/ about this. This repository is only to have a stable download link for a given version. Additionally, we're not using this any longer, so I wouldn't be able to help you out anyway, sorry.