Help
FortiSIEM Discussions
IvanSipos
New Contributor II

Created on ‎06-22-2022 02:36 AM

WMI Problem CVE-2022-30190

Dear

we have detected that wmi stops working because of the update.
Microsoft patches Follina vulnerability (CVE-2022-30190) in Windows with June 2022 updates .
WMI queries are rejected
The issue affects Windows Server 2012 and Windows Server 2019 for me.
Has the same thing happened to you?
Do you know any kb to solve it, as we can't receive log from windows servers?

Regards
364
0 Kudos
2 REPLIES 2
DanielHanman
Staff
Staff

Created on ‎06-27-2022 02:01 AM

Hi Ivan

Windows OMI integration should continue to work.

We introduced OMI support in FortiSIEM from version 6.3.3 https://docs.fortinet.com/document/fortisiem/6.3.3/release-notes/749147/whats-new-in-6-3-3 and details can be found here https://docs.fortinet.com/document/fortisiem/6.5.0/external-systems-configuration-guide/421011/micro... 

Thanks

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Jun 22, 2022 02:36 AM
From: Ivan Sipos
Subject: WMI Problem CVE-2022-30190

Dear

we have detected that wmi stops working because of the update.
Microsoft patches Follina vulnerability (CVE-2022-30190) in Windows with June 2022 updates .
WMI queries are rejected
The issue affects Windows Server 2012 and Windows Server 2019 for me.
Has the same thing happened to you?
Do you know any kb to solve it, as we can't receive log from windows servers?

Regards
364
0 Kudos
IvanSipos
New Contributor II
In response to DanielHanman

Created on ‎06-28-2022 05:32 AM

Hi Daniel

In order to resolve this issue, you can disable the registry key RequireIntegrityActivationAuthenticationLevel on the Windows server hosting the Domain Controller(s). If this is not an option for you, consider one of the remaining options listed below.

Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
Value Name: "RequireIntegrityActivationAuthenticationLevel"
Type: dword
Value Data: 0x00000000 means disabled.
Note: You must enter Value Data in hexadecimal format. You must restart your device after setting this registry key for it to take effect.


Regards-------------------------------------------
Original Message:
Sent: Jun 27, 2022 02:00 AM
From: Daniel Hanman
Subject: WMI Problem CVE-2022-30190

Hi Ivan

Windows OMI integration should continue to work.

We introduced OMI support in FortiSIEM from version 6.3.3 https://docs.fortinet.com/document/fortisiem/6.3.3/release-notes/749147/whats-new-in-6-3-3 and details can be found here https://docs.fortinet.com/document/fortisiem/6.5.0/external-systems-configuration-guide/421011/micro... 

Thanks

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------

Original Message:
Sent: Jun 22, 2022 02:36 AM
From: Ivan Sipos
Subject: WMI Problem CVE-2022-30190

Dear

we have detected that wmi stops working because of the update.
Microsoft patches Follina vulnerability (CVE-2022-30190) in Windows with June 2022 updates .
WMI queries are rejected
The issue affects Windows Server 2012 and Windows Server 2019 for me.
Has the same thing happened to you?
Do you know any kb to solve it, as we can't receive log from windows servers?

Regards
364
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.