Endpoint VulnerabilityMicrosoft Windows DCOM Server CVE-2021-26414 Security Feature Bypass Vulnerability
Description
A Windows DCOM server security feature bypass allows a malicious server to be activated by a user, enabling integrity compromise; the root cause is missing enforcement of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, and Microsoft has released phased updates for Windows 10, 11, Server 2016-2022.
Affected Applications
Windows Server version 20H2 (Server Core Installation)
Windows RT 8.1
Windows Server version 2004 (Server Core installation)
Windows Server 2016
Windows Server 2012
Windows 8
Windows 7
Windows 10
Windows Server 2008
Windows Server 2019
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2021-06-09 | 1.00247 |
New
|
Windows Server, version 20H2 (Server Core Installation),Windows RT 8. 1,Windows Server, version 2004 (Server Core installation),Windows Server 2016,Windows Server 2012,Windows 8,Windows 7,Windows 10,Windows Server 2008,Windows Server 2019 |
| ID | 67844 |
| Created | Jun 08, 2021 |
| Description Updated |
Jan 10, 2026 |
| CVE ID | |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows Server version 20H2 (Server Core Installation) , Windows RT 8.1 , Windows Server version 2004 (Server Core installation) , Windows Server 2016 , Windows Server 2012 , Windows 8 , Windows 7 , Windows 10 , Windows Server 2008 , Windows Server 2019 |