Schaedler Yesco

Microsoft DCOM Hardening Patch

5/5/2022





Topic:
Microsoft DCOM Hardening Patch (MS KB5004442) and its effect on Rockwell Software (Rockwell KB Article PN1581)


Are you on a Windows system? 

Learn how to protect your Rockwell Automation Software from the upcoming Microsoft DCOM Hardening Patch.

 

What is DCOM?

The Distributed Component Object Model (DCOM) Remote Protocol is a protocol for exposing application objects using remote procedure calls (RPCs). DCOM is used for communication between the software components of networked devices.

 

OK, what is the issue with DCOM?

Security vulnerabilities were published in June 2021 under CVE-2021-26414 exposing security risks with the then current version of DCOM in the Windows Operating System. A DCOM hardening patch was then released via the Windows Update System. This patch is disabled by default with the ability for users to enable it through a registry key. In June 2022, the DCOM hardening patch will be enabled by default with the ability for user to disable it through a registry key. Finally, in March of 2023, disabling the DCOM hardening patch will no longer be an option. All affected software with compatibility issues will need to be resolved.

 

Great, what is a CVE?

CVEs are Common Vulnerabilities and Exposures, and they are managed by The MITRE Corporation and catalogued by MITRE and NIST.

 

Got it. So how does this affect me?

Looking at Rockwell Automation Knowledgebase article PN1581, Rockwell has categorised their software products into Directly Affected, Indirectly Affected, and Unaffected.

 

What steps should I take to resolve these issues so that my software continues to work?

  1. If at all possible, do not install the DCOM hardening patch KB5004442 from Microsoft until you have had a chance to inventory and assess the list of products you have and how those are affected by the DCOM hardening patch. Note that this workaround will only be a viable option until mid-June 2022 when Microsoft will force the hardening patch to be installed – BUT it can be disabled until March 2023.
  2.  If you find that a product is on the affected list, look at the version list starting on page 8 of the attached document. If possible, use the Rockwell PCDC (Product Compatibility and Download Center) to get an unaffected version of the selected software. If an unaffected version does not yet exist, Rockwell will be releasing patches.
  3.  If you have systems that use Client and Server components on separate machines, if possible, move the Server and Client components to the same computer so that only COM is used so that DCOM is no longer required for Remote OPC connections until a patched and unaffected version can be installed. Again, this could be a serious undertaking and most likely not a first mitigation step – but something to consider if the timing between the DCOM hardening patch push happens before a patched Rockwell product is available.
  4.  If any of your systems were installed or developed by a System Integrator or OEM machine builder, Rockwell recommends that customers reach out to their SI / OEM for guidance as well as contacting Rockwell Automation directly for assistance.
  5. As always, patches and upgrades should be tested on development / non-production systems to test the functionality and viability of the patch and any version upgrade required of the project before running the new software on production systems. 


Where can I go to learn more about the original Microsoft DCOM vulnerability?

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

 

What if I want to learn more about CVE-2021-26414?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

https://www.cve.org/CVERecord?id=CVE-2021-26414

 

Where can I learn more about more about resolving any issues with the Rockwell Automation Software that I have installed?

Log in to your account in the Rockwell Automation Knowledgebase and look up the following articles – PN1581, IN39470, IN39472, IN39471, IN39473, IN38475, and QA63606:

https://rockwellautomation.custhelp.com/

 

For more information, contact our Smart Manufacturing Business Development Specialist,  Frank X. Aponte Alsina

w: +1 (717) 233-1621 x2245  |  c: +1 (223) 800-9490

Additional News