SIEM & UEBA

 View Only
Expand all | Collapse all

WMI Problem CVE-2022-30190

  • 1.  WMI Problem CVE-2022-30190

    Posted Jun 22, 2022 02:36 AM
    Dear

    we have detected that wmi stops working because of the update.
    Microsoft patches Follina vulnerability (CVE-2022-30190) in Windows with June 2022 updates .
    WMI queries are rejected
    The issue affects Windows Server 2012 and Windows Server 2019 for me.
    Has the same thing happened to you?
    Do you know any kb to solve it, as we can't receive log from windows servers?

    Regards


  • 2.  RE: WMI Problem CVE-2022-30190

    GROUP ADMIN
    Posted Jun 27, 2022 02:01 AM
    Hi Ivan

    Windows OMI integration should continue to work.

    We introduced OMI support in FortiSIEM from version 6.3.3 https://docs.fortinet.com/document/fortisiem/6.3.3/release-notes/749147/whats-new-in-6-3-3 and details can be found here https://docs.fortinet.com/document/fortisiem/6.5.0/external-systems-configuration-guide/421011/microsoft-windows-server 

    Thanks

    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------



  • 3.  RE: WMI Problem CVE-2022-30190

    Posted Jun 28, 2022 05:32 AM
    Hi Daniel

    In order to resolve this issue, you can disable the registry key RequireIntegrityActivationAuthenticationLevel on the Windows server hosting the Domain Controller(s). If this is not an option for you, consider one of the remaining options listed below.

    Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
    Value Name: "RequireIntegrityActivationAuthenticationLevel"
    Type: dword
    Value Data: 0x00000000 means disabled.
    Note: You must enter Value Data in hexadecimal format. You must restart your device after setting this registry key for it to take effect.


    Regards