- Distributed Component Object Model Remote Protocol (DCOM) is used for communication between applications running in a Windows environment
- Microsoft released a Windows update to harden DCOM
- This update poses risks to ICS applications dependent on DCOM
In June 2021, in response to a security vulnerability, Microsoft released a Windows update (KB KB5004442) to harden the DCOM component of Windows. Organizations should be aware that many industrial control system applications utilize DCOM protocols. This update can impact the ability of networked devices to communicate, resulting in effects such as the inability to use HMI or SCADA software, or loss of historical tag data.
Some impacted applications include: RSLogix 5/500/5000, RSLinx Classic, FactoryTalk applications, ThinManager, and KEPServer Enterprise.
Champion recommends that organizations review their installed software for use of DCOM and the potential impact of this update. Most ICS software vendors have published information on their affected software as well as possible mitigations for any impacts from applying these updates. For actively maintained software, vendors are working to deliver patches for their software to work with the update. Until these patches are available, it will be necessary to either postpone installation of the Windows updates or apply mitigations to disable the new DCOM hardening features. Be aware, however, that if the Windows updates are installed, it will not be possible to disable the DCOM hardening features after March 14, 2023.
We’re Here to Help
Champion can work with you to help you decide which Windows updates are appropriate to install and deliver those updates to your critical ICS systems. Champion can also provide recommendations on working with software that may no longer be supported by the vendor or assist you with planning upgrade paths. Finally, when things do break, Champion can assist with recovery. We will continue to monitor the situation and be prepared to keep our clients informed.