DCOM default authentication level (DCOM Auth Level)

Vuln ID: 1339
Risk Level: Medium risk vulnerability
Platforms: Microsoft Windows 95, Microsoft Windows NT: 4.0, Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows 2003 Server
Description:

The DCOM default authentication level has been detected to be below Connect. If the authentication level is None, any user can access any object on the system without authentication.

Remedy:

Fortify DCOM's default permissions so that objects continue to function under tightened security:

  1. Run the dcomcnfg program in the %SystemRoot%\System32 folder.
  2. Select the Default Properties tab.
  3. Select a Default Authentication level of at least Connect. Note: For sensitive systems, an authentication level of Packet Privacy is recommended.
  4. Click OK.
  5. Verify that DCOM objects still function properly after making changes.
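
A local check of the setting changed in the steps above, as an added example that is not part of the original advisory or the scanner's own check. It assumes the machine-wide default is stored as the `LegacyAuthenticationLevel` value under `HKLM\SOFTWARE\Microsoft\Ole`; the function name is hypothetical.

```powershell
# Added example (not the scanner's own check). Assumption: the machine-wide
# DCOM default authentication level is the REG_DWORD LegacyAuthenticationLevel
# under HKLM:\SOFTWARE\Microsoft\Ole.
$LevelNames = @{
    1 = 'None'; 2 = 'Connect'; 3 = 'Call'
    4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy'
}

function Get-DcomDefaultAuthLevel {   # hypothetical helper name
    param([string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Ole')

    $result = [pscustomobject]@{ Level = $null; Name = 'Unknown'; Status = '' }
    try {
        $props = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    } catch {
        # An unreadable registry must not be scored as a pass (false negative).
        $result.Status = 'UNKNOWN: cannot read registry, rerun with administrator rights'
        return $result
    }

    $raw = $props.LegacyAuthenticationLevel
    if ($null -eq $raw) {
        $result.Name = 'Not set'
        $result.Status = 'REVIEW: value absent, confirm the level shown in dcomcnfg'
        return $result
    }

    $result.Level = [int]$raw
    if (-not $LevelNames.ContainsKey($result.Level)) {
        $result.Status = 'REVIEW: unrecognized value'
        return $result
    }
    $result.Name = $LevelNames[$result.Level]
    if ($result.Level -lt 2) {
        $result.Status = 'FAIL: below Connect'
    } elseif ($result.Level -lt 6) {
        $result.Status = 'OK: at least Connect (Packet Privacy recommended for sensitive systems)'
    } else {
        $result.Status = 'OK: Packet Privacy'
    }
    return $result
}

Get-DcomDefaultAuthLevel | Format-List
```

Run it before and after the dcomcnfg change to confirm the new level took effect; a result of UNKNOWN or REVIEW means the host still needs a manual look, not that it passed.
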
False Negatives: If the user running this check does not have administrator rights (or equivalent rights to read the registry and file system) on the target host, the check could result in a false negative for vulnerable hosts.
Required Permission: If the user running this check does not have administrator rights (or equivalent rights to read the registry and file system) on the target host, the check could result in a false negative for vulnerable hosts.
Additional Information:

References:

Microsoft Knowledge Base Article 176799
INFO: Using DCOM Config (DCOMCNFG.EXE) on Windows NT
http://support.microsoft.com/default.aspx?scid=kb;[LN];176799

ISS X-Force
DCOM default authentication level
http://www.iss.net/security_center/static/1339.php

