Microsoft's DCOM updates, advisory from Water ISAC

sbeadle · ‎2023-03-17

Has anyone been getting feedback on Microsoft's 'final' DCOM planned change?

The DCOM issue here is a plan which Microsoft have been implementing since June 2021. The March 14 2023 event is a release of the final set of patches which mandate that software must use the correct security parameters.

Water ISAC have released this advisory:

https://www.waterisac.org/portal/DCOM

But it’s an update to their 2022 notification about the issue.

This is the Microsoft original notification and timeline:

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-...

This is the actual vulnerability it all relates to:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

Applications which use DCOM need to use the correct parameters. Geo SCADA has been modified in:

Geo SCADA 2022 – included since release.

Geo SCADA 2021 – included since March 2022 update.

Geo SCADA 2020 – included since March 2022 update.

Geo SCADA 2019 – included since March 2022 update.

Thanks

Steve

du5tin · ‎2023-03-21

We have been working thru this with a few customers by upgrading to the latest Geo SCADA and then applying windows updates. Mostly we are still stuck on the Microsoft disabling TLS 1.0/1.1 but the remediation is the same.

So far no major issues found though. When they started rolling out DCOM hardening patches and registry updates last year Geo SCADA performed way better than other vendor's systems.

sbeadle · ‎2023-03-22

Thank you Dustin