Chris Monchinski, CTO Inflexionpoint
The March 14, 2023 DCOM hardening patch is a permanent security measure implemented by Microsoft in order to protect DCOM applications from potential cyberattacks, and it is essential for manufacturers to understand the implications of this patch as it is irreversible.
What is the Microsoft DCOM Patch?
Microsoft DCOM (Distributed Component Object Model) is distributed computer communication – computers talking to computers. DCOM is the framework underpinning OPC-DA, the OLE for Process Control (OPC) interface that is standard in communication throughout automation; OLE stands for ‘object linking and embedding.’ On March 14, 2023, Microsoft will be launching a DCOM hardening patch that you need to know about.
Over the years, DCOM technology has been vulnerable to cyberattacks; it can be exploited through attacks like spoofing. The goal of the March 14th patch is to improve security by modifying DCOM applications to accommodate the new security stance Microsoft is putting in place. Newer automation communications technology such as OPC-UA does not utilize DCOM; it uses web-based protocols, which are more robust and enable more secure technologies.
This DCOM hardening patch is not new. In the operational technology (OT) space, this patch has been a recurring headache as Microsoft has continuously launched different patches to address problems. In the past, users had the ability to manually undo the patch’s changes. However, the March 14th patch is not reversible. This patch will be permanent. What does that mean for manufacturers?
How Could This Patch Affect Me?
Without installing the patch, you run the risk of a cyberattack. After all, the goal of this patch is to improve security. In addition, you run the risk of being out of date with any other patches that Microsoft will release – you will not be able to address the bugs that these future patches fix. If you try to avoid this patch and do not install it, your system will be out of support.
Essentially, any software of a certain age that does visualization of factory floor equipment will be affected. Because DCOM implements intercommunication between systems in a factory within the OT space, any customer using SCADA and MES layer software packages by Rockwell Automation, GE, Siemens, Honeywell, and more could be affected. Each vendor has recommendations and guides on how their technology will be affected by this patch. Newer products may not be affected by the patch.
So, you say your system isn’t connected to the internet and therefore not vulnerable… note that system licenses are no longer provided through a key fob in the back of the machine; they are delivered and verified through the internet and are bound to that machine. Even if you manually activate that license, you will be exchanging files from elsewhere, and if you lose that machine, where is the license? It was embedded on the machine whose hard drive you’ve now lost. Every system is connected in some way; nothing is an island.
Risk Assessments for This Patch
Inflexionpoint is already working with customers to address DCOM patch concerns. We can help you by performing a risk assessment of your systems and auditing your software.
We have found that many customers don’t know exactly what they have installed for their systems. They have software throughout the factory, but they may not know what versions are deployed, which past patches have been installed, or what the vendors recommend for patches.
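A read-only readiness check that covers both points above (whether the hardening can still be switched off on a host, and which DCOM clients and servers are already being flagged), as an added example that is not from this article or from Inflexionpoint. It assumes Microsoft's documented override value RequireIntegrityActivationAuthenticationLevel under HKLM\SOFTWARE\Microsoft\Ole and the System-log event IDs 10036, 10037 and 10038 that Windows logs for activations below the required authentication level; run it in an elevated prompt on each host that serves or consumes OPC-DA.

```powershell
# Added example: inventory one host's DCOM hardening state. Read-only; changes nothing.
# Assumption: the registry value and event IDs below are those documented by Microsoft
# for the DCOM hardening updates (they are not taken from the article).
$oleKey    = 'HKLM:\SOFTWARE\Microsoft\Ole'
$valueName = 'RequireIntegrityActivationAuthenticationLevel'

function Get-DcomHardeningOverride {
    # Returns 0 (hardening disabled), 1 (enforced), or $null when the value was never set.
    $props = Get-ItemProperty -Path $oleKey -ErrorAction SilentlyContinue
    if ($null -ne $props -and ($props.PSObject.Properties.Name -contains $valueName)) {
        return [int]$props.$valueName
    }
    return $null
}

function Get-DcomHardeningEvents {
    param([int]$Days = 30)
    # 10036 is logged on the DCOM server side, 10037/10038 on the client side, for
    # activations that will be rejected once the hardening can no longer be disabled.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Id        = 10036, 10037, 10038
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*DistributedCOM*' }
}

# Report the override state without using switch, which skips all branches on $null input.
$override = Get-DcomHardeningOverride
if ($null -eq $override) {
    'Override not set: this host follows the default for its Windows build.'
} elseif ($override -eq 0) {
    'Override = 0: hardening is DISABLED here; the March 14, 2023 update removes this ability.'
} elseif ($override -eq 1) {
    'Override = 1: hardening is already enforced on this host.'
} else {
    "Override has unexpected value $override."
}

# Summarise flagged activations so the affected client/server pairs can be traced to their vendor.
$events = @(Get-DcomHardeningEvents -Days 30)
if ($events.Count -eq 0) {
    'No DCOM hardening events in the last 30 days on this host.'
} else {
    $events | Group-Object Id | ForEach-Object { '{0} x Event ID {1}' -f $_.Count, $_.Name }
    $events | Select-Object -First 10 TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } | Format-Table -AutoSize
}
```

The first line of each event message names the client address or server that triggered it, which is the list to reconcile against the vendor guides mentioned above.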
Inflexionpoint can help you organize your system and create a strategy to be able to respond effectively, reduce risk, and move forward with the latest Microsoft DCOM patch. March 14th will arrive sooner than you think.
Managed Service Provider
At Inflexionpoint, we offer managed service provider (MSP) contracts to manage all of this information and monitor systems for vulnerabilities, advise clients on what we’re seeing, and proactively take action to keep the systems you depend on in OT safe and functional.