Tuesday, December 6, 2022
Microsoft patch KB5004442 (DCOM Hardening) addresses vulnerability CVE-2021-26414, which was disclosed on June 8, 2021. To achieve this, Microsoft is updating its DCOM cybersecurity requirements, resulting in a loss of communications for some users. Communication interruption may occur when the Default Authentication Levels are not set properly.
Previously, any default authentication level would be accepted, and as such many applications force DCOM connections to use 'None' to achieve communication quickly. After applying the Hardening patch, only default authentication levels of "Packet Integrity" and "Packet Privacy" are allowed.
Note: Changing "Authentication Level" using DCOMCNFG and even changing Windows Registry settings will not help past March 14, 2023, because these applications override system settings in their source code. Microsoft is trying to end this poor programming practice because it risks communication security without user knowledge.
The patch was released in response to a number of security concerns that had been raised about DCOM, including the potential for hackers to remotely execute malicious code on affected systems. The patch aims to address these vulnerabilities by modifying the way that DCOM handles incoming requests and by limiting the types of requests that it will accept.
Another important feature is the ability to block DCOM requests from untrusted sources. This can help to prevent malicious code from being executed on an affected system, even if a user inadvertently visits a website or opens a file that contains malicious code.
Overall, the DCOM Hardening patch is an important security update for users of Microsoft Windows operating systems. It helps to protect against potential vulnerabilities in the DCOM system, reducing the risk of remote code execution and other security threats.
This patch will affect users running Windows 8.1 and later (including Windows 10 and Windows 11), alongside users running Windows Server 2012R2 and later (including Windows Server 2022).
This patch will not affect users running Windows 8 and earlier (including Windows XP and Windows 7), alongside users running Windows Server 2012 and earlier (including Windows Server 2003).
Using an OPC client such as OPC Expert, users can bypass DCOM requirements completely to achieve communication. There are three different configurations available which allow users to use local (COM) connections. For more information on these configurations, visit OPC Expert.
Use Windows Registry to disable temporarily
This solution will work only until March 14, 2023.
Do not apply Microsoft patch KB5004442 or subsequent patches.
Note: Any Microsoft patch release after March 14, 2023 will retroactively include KB5004442, and as such will enable DCOM Hardening.
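To see where a host stands before choosing one of the options above, the following read-only PowerShell audit (an added example, not from the original article or from OPCTI) reports the hardening registry value and summarizes the DistributedCOM events that record rejected or too-low authentication levels. The registry value name and event IDs 10036 to 10038 are taken from Microsoft's KB5004442 documentation, not from this page; the 30-day window is an arbitrary choice.

```powershell
# Added example: read-only audit of DCOM hardening state and related events.
# Registry value name and event IDs come from Microsoft's KB5004442 article,
# not from this page. Run from an elevated PowerShell prompt.
$key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$name = 'RequireIntegrityActivationAuthenticationLevel'

$prop  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$state = if ($null -eq $prop) {
    'not set (the installed update level decides the default)'
} elseif ($prop.$name -eq 1) {
    'hardening explicitly enabled'
} else {
    'hardening explicitly disabled (no effect once the March 14, 2023 update is installed)'
}
'{0}: {1}' -f $name, $state

# 10036        logged on the DCOM server when it rejects a client whose
#              authentication level is below Packet Integrity
# 10037, 10038 logged on the client; 10037 names applications that set a
#              too-low level explicitly in their own code
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10036, 10037, 10038
    StartTime    = (Get-Date).AddDays(-30)   # arbitrary look-back window
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    'No DCOM hardening events in the last 30 days.'
} else {
    # Group by event ID and first line of the message so each offending
    # application or client address appears once with a hit count.
    $events |
        Group-Object Id, { ($_.Message -split "`r?`n")[0] } |
        Sort-Object Count -Descending |
        Select-Object Count, Name |
        Format-Table -AutoSize -Wrap
}
```

Applications that appear under event 10037 are the ones that hard-code their authentication level and therefore cannot be fixed through DCOMCNFG or the registry.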
OPCTI is the global leader in OPC training for automation professionals, and is the largest OPC training company in the world. OPCTI offers hands-on training workshops in-person and online.
OPCTI is vendor-neutral, meaning that we will teach you how to establish and implement a robust and secure communication infrastructure, no matter what OPC products you use - the training that you receive from OPCTI can be immediately implemented at your workplace. Our progressive training will enable you to increase your efficiency, security, and productivity.
The Certified OPC Professional (COP) designation is only offered by OPCTI. The designation is awarded to those who have successfully completed our training, and who demonstrate proficiency with OPC technology, design architecture, and installations. The COP designation is endorsed by many OPC Foundation member companies.
OPCTI is an active member and a strong supporter of the OPC Foundation. Randy Kondor, President and Chief Instructor at OPCTI, currently serves as the Vice President of Education at the OPC Foundation.
Visit our Training Schedule to see where OPCTI is currently offering training workshops, or contact us to find out more about private trainings for you and your team at your site.