CVE-2021-26414 / KB5004442 - Hardening of DCOM from March 2022

AdamWoodland · ‎2022-02-08

Last June Microsoft released a security update as part of the normal update process for DCOM due to a vulnerability, however the bugfix was only active when a registry setting was specifically enabled.

From 8th March 2022 onwards the bugfix will be active unless specifically disabled.

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-... for the details.

If you use OPC-DA, OPC-AE or OPC-HDA to a remote IP you may need to review and update your Windows DCOM security settings else you may find things unable to connect. If the OPC service endpoint is localhost (including when using the Geo SCADA tunneller functionality) you are probably ok, but I strongly recommend checking anyway to be sure!

sbeadle · ‎2022-03-09

In response to this there is to be a revision to the Geo SCADA OPC drivers to set the DCOM behaviour up to be compatible with these Microsoft changes. We anticipate this will be released in the March 2022 Monthly Updates.

Thank you.

BevanWeiss · ‎2022-03-09

Thanks Steve,

Is there an ETA for when they might be available? We've got a couple of customers that use the OPC drivers pointing back towards GeoSCADA Expert servers for some server health monitoring stuff... they're about the only things we're expecting to have some challenges that are GeoSCADA Expert related due to the DCOM changes.

Would really love to get the 'fixed' version deployed into their Test/Dev environments well in advance of the June 2022 Microsoft cutoff.

Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..

sbeadle · ‎2022-03-10

Hi Bevan,

just a few weeks. The 'final' cutoff for this is now in 2023, which is when the ability to use DCOM without security is blocked from updated Windows releases.

BevanWeiss · ‎2022-03-10

Ahh, Microsoft obviously changed their original timelines.

That's great, although I wish they would have communicated it a bit better, we've still be trying to run towards a June 2022 deadline. March 2023 is much more achievable, although I do fear this will put it on the IT backburner... and we'll be scrambling again in Feb 2023 😉

Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..

AndrewScott · ‎2022-03-11

@BevanWeiss wrote:
We've got a couple of customers that use the OPC drivers pointing back towards GeoSCADA Expert servers for some server health monitoring stuff... they're about the only things we're expecting to have some challenges that are GeoSCADA Expert related due to the DCOM changes.

If you're using the OPC drivers to monitor a remote Geo SCADA server then you don't need to use DCOM at all, with all the associated pain than comes with DCOM. Instead you can create a local Geo SCADA client connection to the remote server and then use that in the OPC drivers.

Andrew Scott, R&D Principal Technologist, AVEVA

CVE-2021-26414 / KB5004442 - Hardening of DCOM from March 2022

CVE-2021-26414 / KB5004442 - Hardening of DCOM from March 2022

li.media.uploader-dialog.title

This is a heading