1. Jay Hastings
  2. PowerBuilder
  3. Thursday, 16 June 2022 15:55 PM UTC


We still have apps using 12.6. My manager is asking if these are affected by the MS DCOM issues?

That's about all I know.

Thanks for any help

Jay

Jay Hastings
  1. Monday, 20 June 2022 15:16 PM UTC
  2. PowerBuilder
  3. # 1

Thank you Julie

Julie Jiang @Appeon
  1. Monday, 20 June 2022 03:33 AM UTC
  2. PowerBuilder
  3. # 2

Hi Jay,

Our team has checked and found that PowerBuilder itself (either 12.6 or the later Appeon versions) is not affected by the MS DCOM issue.

It is possible that a PowerBuilder application may use a DCOM server for OLE features. However, 1) the DCOM server is a feature outside of the PowerBuilder product code and installation package, 2) PowerBuilder does not provide any special compatibility/integration for DCOM servers, and 3) the security fix for this issue doesn't require PowerBuilder to do anything from a client-side perspective.

Therefore, please check whether you are using a DCOM server with your PowerBuilder application. If not, everything shall be fine. If yes, please follow the suggestion given by Microsoft at https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c to mitigate the issue.

Best regards, Julie
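
One way to run the check suggested in the answer above on a Windows host, as an added example that is not part of the thread and not Appeon or Microsoft code. The registry value name and the event IDs 10036, 10037 and 10038 are the ones Microsoft documents in KB5004442; the function names are hypothetical.

```powershell
# Added example: report the local DCOM hardening state for CVE-2021-26414
# and list recent DCOM hardening events. Run in an elevated session.
$HardeningKey  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$HardeningName = 'RequireIntegrityActivationAuthenticationLevel'

function Get-DcomHardeningSetting {
    # Read the explicit override, if an administrator has set one.
    $prop = Get-ItemProperty -Path $HardeningKey -Name $HardeningName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return 'NotSet (the default of the installed update level applies)'
    }
    switch ($prop.$HardeningName) {
        1       { 'Enabled' }
        0       { 'Disabled' }
        default { "Unexpected value: $($prop.$HardeningName)" }
    }
}

function Get-DcomHardeningEvent {
    param([int]$Days = 30)
    # 10036 is logged on the DCOM server side, 10037 and 10038 on the client side.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, MachineName, Message
}

"Hardening setting: $(Get-DcomHardeningSetting)"

$events = @(Get-DcomHardeningEvent -Days 30)
if ($events.Count -eq 0) {
    'No DCOM hardening events (10036-10038) in the last 30 days.'
} else {
    # Summarise by event ID first, then show the most recent entries in full.
    $events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
    $events | Sort-Object TimeCreated -Descending | Select-Object -First 5 | Format-List
}
```

An empty result on both the machine hosting the OLE/DCOM server and the machines running the PowerBuilder client suggests that no DCOM activation is being flagged by the hardening change.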


 

Jay Hastings
  1. Thursday, 16 June 2022 16:46 PM UTC
  2. PowerBuilder
  3. # 3

This is what I'm told.

KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

Thank you

Comment
  1. Armeen Mazda @Appeon
  2. Thursday, 16 June 2022 16:56 PM UTC
Our product management team will respond soon about this, but our assessment will be based on current versions of PB. 12.6 is not only EOL but was also an SAP version that Appeon did not produce. With that said, if this vulnerability exists in current versions then most likely it would also exist in 12.6 since DCOM is a legacy feature.
  1. Roland Smith
  2. Thursday, 16 June 2022 17:06 PM UTC
My understanding is that the purpose of DCOM is to allow COM objects installed on a server to be accessed remotely using RPC (Remote Procedure Call). The CVE was logged due to security issues with that process.
Armeen Mazda @Appeon
  1. Thursday, 16 June 2022 16:29 PM UTC
  2. PowerBuilder
  3. # 4

What is the CVE number of the vulnerability?  https://cve.mitre.org/cve/search_cve_list.html
