Find out how SCADA systems and networks, like EcoStruxure Geo SCADA Expert, help industrial organizations maintaining efficiency, processing data for smarter decision making with IoT, RTU and PLC devices.
Posted: Friday
Has anyone been getting feedback on Microsoft's 'final' DCOM planned change?
The DCOM issue here is a plan which Microsoft have been implementing since June 2021. The March 14 2023 event is a release of the final set of patches which mandate that software must use the correct security parameters.
Water ISAC have released this advisory:
https://www.waterisac.org/portal/DCOM
But it’s an update to their 2022 notification about the issue.
This is the Microsoft original notification and timeline:
This is the actual vulnerability it all relates to:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414
Applications which use DCOM need to use the correct parameters. Geo SCADA has been modified in:
Geo SCADA 2022 – included since release.
Geo SCADA 2021 – included since March 2022 update.
Geo SCADA 2020 – included since March 2022 update.
Geo SCADA 2019 – included since March 2022 update.
Thanks
Steve
Posted: Tuesday
We have been working thru this with a few customers by upgrading to the latest Geo SCADA and then applying windows updates. Mostly we are still stuck on the Microsoft disabling TLS 1.0/1.1 but the remediation is the same.
So far no major issues found though. When they started rolling out DCOM hardening patches and registry updates last year Geo SCADA performed way better than other vendor's systems.
Posted: yesterday
Thank you Dustin
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.