Yes, Jumbo Hotfix Accumulators include changes to make AD Query compatible with this.
Microsoft documented the DCOM hardening changes in the following knowledge base article:
Once it has been rebooted after the 14th of June 2022, a Microsoft Windows Active Directory Domain Controller (AD DC) no longer responds to unsigned DCOM packets. A temporary workaround lets it continue receiving and processing unsigned packets, but the workaround stops functioning on the 14th of March 2023.
How to implement the temporary workaround:
- Log in to your AD DCs and make the following registry change. Reboot the DCs afterwards for the change to take effect.
- Start -> Run -> regedit
- Copy and paste the following registry key path into the address bar of regedit:
- Create a new DWORD registry item called RequireIntegrityActivationAuthenticationLevel, with a decimal value of 0
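One way to audit DCs for this workaround, as an added example that is not part of the original post: the PowerShell function below reports whether RequireIntegrityActivationAuthenticationLevel is set to 0 on each host. The function name, the -KeyPath parameter (supply the registry key path from the Microsoft article in PowerShell form) and the use of PowerShell remoting for remote hosts are assumptions.

```powershell
# Added example: report where the temporary DCOM hardening workaround is set.
function Test-DcomHardeningWorkaround {
    [CmdletBinding()]
    param(
        # Registry key path from the Microsoft article, written as a PowerShell
        # path (HKLM:\...). Hypothetical parameter: the caller supplies the path.
        [Parameter(Mandatory)] [string] $KeyPath,
        # Hosts to check; defaults to the local machine.
        [string[]] $ComputerName = @($env:COMPUTERNAME)
    )
    $valueName = 'RequireIntegrityActivationAuthenticationLevel'
    # Date after which the workaround no longer functions, as stated above.
    $cutoff = [datetime]::new(2023, 3, 14)

    # Returns the DWORD as an int, or $null when the key or value is absent.
    $read = {
        param($Path, $Name)
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        return [int]$item.$Name
    }

    foreach ($computer in $ComputerName) {
        $value = $null
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $value = & $read $KeyPath $valueName
            } else {
                # Assumes PowerShell remoting (WinRM) is enabled on the target.
                $value = Invoke-Command -ComputerName $computer -ScriptBlock $read `
                    -ArgumentList $KeyPath, $valueName -ErrorAction Stop
            }
            if ($null -eq $value) { $status = 'NotSet' }
            elseif ($value -eq 0) { $status = 'WorkaroundActive' }
            else { $status = 'OtherValue' }
        } catch {
            $status = "Error: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            ComputerName = $computer
            Value        = $value
            Status       = $status
            PastCutoff   = (Get-Date) -ge $cutoff
        }
    }
}
```

A host reporting WorkaroundActive with PastCutoff true still carries a setting that no longer has any effect and can be cleaned up once the firewall side has been updated.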
Check Point, like many other vendors, took a while to refactor its code to meet the new requirement. Check Point integrates with a wide variety of devices for identity awareness information and includes two methods to learn the IPs of domain-joined workstations from AD DCs. The ADQuery method uses DCOM to subscribe to Security Event logs, which tell the firewall which user authentication sessions originated from which PCs. The other method runs as an application on a workstation or server in the network and presents a consolidated stream of authentication events from all AD DCs to a firewall, without the firewall being individually configured for each DC in the network.
The change requires the installation of a JHA (Jumbo Hotfix Accumulator) which introduces support for the new method. This update is, however, available only for versions in active support.
Example entry from the R80.40 JHA take 158 changelog confirming support for Microsoft's response to CVE-2021-26414: