CVE-2021-26414: 
vulnerability analysis and mitigation

The Windows DCOM Server Security Feature Bypass (CVE-2021-26414) is a vulnerability in the Distributed Component Object Model (DCOM) Remote Protocol, which is used for communication between software components of networked devices. The vulnerability was disclosed on June 8, 2021, affecting various versions of Microsoft Windows operating systems (Microsoft Support).

The vulnerability relates to DCOM protocol's authentication mechanisms, specifically requiring hardening changes to enforce an Authentication-Level of RPCCAUTHNLEVELPKT_INTEGRITY or higher for activation. The CVSS v3.1 base score is 6.5 (Medium) according to NVD, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. Microsoft's assessment gives it a slightly lower CVSS score of 4.8 (Medium) with vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N (NVD).

The vulnerability could allow an attacker to bypass DCOM server security features when the authentication level is set below the required integrity level. This affects the communication security between networked devices using DCOM for software component interaction (Microsoft Support).

Microsoft implemented a three-phase approach to address this vulnerability: Phase 1 (June 8, 2021) - Hardening changes disabled by default with ability to enable via registry key; Phase 2 (June 14, 2022) - Hardening changes enabled by default with ability to disable; Phase 3 (March 14, 2023) - Hardening changes permanently enabled with no disable option. The changes can be controlled through a registry key at HKEYLOCALMACHINE\SOFTWARE\Microsoft\Ole\AppCompat with value name 'RequireIntegrityActivationAuthenticationLevel' (Microsoft Support).