Goodbye DCOM. How Microsoft's new patch affects the industry

Communication and data exchange between the different devices that make up an industrial plant is very common. In fact, the automation processes in a factory consist of different software, controllers and devices from various manufacturers and brands, all of which communicate with each other by means of communication protocols. One of them is DCOM (Distributed Component Object Model), created by Microsoft. It is used for communication between the software components of networked devices and allows applications on different computers or in different layers to communicate and collaborate with each other. In industry, it has been used in applications that require the transfer of information from one software layer to another or vice versa, such as manufacturing traceability or the historical data of an automated line itself. For its part, the OPC protocol (OLE for Process Control) allows Windows programs to communicate with industrial hardware devices. It is the most popular data connectivity standard used to communicate between drivers, devices, applications and other server-based systems for data transfer. This protocol was created in the mid-1990s with the aim of providing a common interface for the communication of industrial processes. The version named OPC DA is based on the DCOM technology explained above, and it allows the different elements of the process network to communicate in an abstract way. OPC DA uses DCOM communications to pass information between devices and has become one of the most widely used communication standards in industrial automation; it answers one of the biggest challenges in the automation industry: how to connect devices, controllers and/or applications without falling into the usual problems of DCOM-based connection protocols.
That is why, more than just a protocol, OPC-DA is a standard for data connectivity based on a set of OPC specifications managed by the OPC Foundation. Therefore, any software that is compatible with these OPC specifications provides users and integrators with open connectivity independent of both the device manufacturer and the client application developer. This is one of its main advantages. The interoperability facilitated by this protocol has enabled the implementation of advanced control and automation systems in a wide variety of industrial applications, such as energy management, production automation and critical infrastructure management. It has also contributed to the adoption of emerging technologies in industry, such as the internet of things and artificial intelligence, by facilitating communication between devices and systems from different manufacturers and enabling the integration of production data into advanced analytics. Some time ago, driven by the need for more "cybersecure" integrations between systems and with all the existing software layers, the OPC UA alternative emerged. This new standard has the same objective as the previous one, standardizing communications between systems, but adds capability in communications together with the security and encryption necessary to make those communications secure. OPC DA and OPC UA have been coexisting for some time in the industry, with the difference that OPC DA is reaching the end of its life cycle, a process pushed along by Microsoft and its new Windows versions, while OPC UA has a long way to go because it is designed to comply with current cybersecurity regulations.

Microsoft's KB5004442 patch: a game changer in the technology landscape

Windows security patches are updates designed to resolve vulnerabilities in computers running this operating system. It is common for all operating systems to have vulnerabilities, and the solution to this problem lies in updating the operating system with the corresponding patches or fixes. In Microsoft's June 2022 cumulative updates, a security patch was included to limit the exposure of CVE-2021-26414, with a CVSS score of 4.3, in which a potential attacker could bypass the security options implemented in the DCOM communication protocol. The patch created for this is KB5004442. This issue allowed attackers with unprivileged local access to read protected operating system files, which could lead to exposure of confidential information and unauthorized takeover of devices and systems, disruption of critical processes and leakage of sensitive data. In industrial environments, this can have serious consequences, as disruptions in production can have a significant financial impact and, in some cases, even jeopardize the safety of workers. By installing the Microsoft security patch KB5004442, companies can protect themselves against this critical vulnerability and ensure the integrity and availability of their control and automation systems and devices. That is why this patch raises, by default, the security level required for DCOM communications. But all applications that use the Windows API to establish DCOM connections between two devices are affected, as is the OPC-DA protocol. While Microsoft's KB5004442 patch is important to the industry because it addresses a critical security vulnerability in DCOM, it also raises some concerns for organizations. And as of March 2023, this patch raises the security level required for DCOM communications without the possibility of being disabled.
However, not all OPC implementations use DCOM; the OPC applications that will be affected are the classic distributed (remote) DA/AE/HDA applications. These must use an authentication configuration with a minimum security level called "packet integrity". Applications using OPC UA, and local OPC DA/AE/HDA Classic applications, do not use DCOM and are therefore not affected, since the OPC client function is executed locally. OPC-DA users who intend to continue to rely on DCOM in their OPC Classic architectures should pay close attention to these new changes. Failure to properly mitigate the DCOM security updates may result in loss of data connectivity. Specialists indicate that after the March 2023 update, administrators will no longer be able to disable the security functions. The only options at this point will be to obtain updated versions of the affected applications from software vendors, switch to solutions such as an OPC DA/UA bridge, which eliminates the use of DCOM, or migrate to other communication methods, such as OPC-UA. Faced with the new changes, many of the companies and industries that use the OPC-DA protocol are wondering how it will affect them and what solutions to look for when a problem arises with this new patch. At HEXA Engineers you can find the answer to this problem. We are a team of industry experts and we will work to help you find the best software and automation solutions.
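As an added illustration (not code from the article or from HEXA Engineers), the following Python triages the DCOM hardening events that Windows writes to the System log after the patch (10036 on the DCOM server, 10037 and 10038 on the client) to list the OPC Classic components that request an authentication level below packet integrity and will therefore lose connectivity once enforcement can no longer be disabled. The host names, PIDs, SID, address and all-zero CLSID in the sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lowest DCOM activation authentication level the hardening patch accepts:
# RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5 (levels run 0 DEFAULT .. 6 PKT_PRIVACY).
PKT_INTEGRITY = 5

# Constructed "EventID|Message" lines (hypothetical hosts, PIDs, SID, address,
# placeholder CLSID) in the wording Windows writes to the System log.
SAMPLE_EVENTS = [
    "10037|Application opcclient.exe with PID 4120 is requesting to activate CLSID "
    "{00000000-0000-0000-0000-000000000000} on computer OPCSRV01 with explicitly "
    "set authentication level at 2.",
    "10038|Application historian.exe with PID 2210 is requesting to activate CLSID "
    "{00000000-0000-0000-0000-000000000000} on computer OPCSRV01 with default "
    "activation authentication level at 5.",
    "10036|The server-side authentication level policy does not allow the user "
    "PLANT\\svc_scada SID (S-1-5-21-0-0-0-1001) from address 10.0.0.25 to "
    "activate DCOM server.",
]

CLIENT_RE = re.compile(r"Application (\S+) with PID (\d+) .*? on computer (\S+) "
                       r"with (?:explicitly set|default activation) "
                       r"authentication level at (\d+)")
SERVER_RE = re.compile(r"user (\S+) SID \((S-[\d-]+)\) from address (\S+)")

@dataclass
class Finding:
    event_id: int
    subject: str           # client application, or the user the server rejected
    level: Optional[int]   # requested level (client events only)
    needs_action: bool     # component must be updated, bridged (DA/UA) or replaced

def parse_event(line: str) -> Optional[Finding]:
    # One exported line -> Finding, or None if it is not a hardening event.
    event_id, _, message = line.partition("|")
    m = CLIENT_RE.search(message) if event_id in ("10037", "10038") else None
    if m:
        level = int(m.group(4))
        return Finding(int(event_id), m.group(1), level, level < PKT_INTEGRITY)
    m = SERVER_RE.search(message) if event_id == "10036" else None
    if m:   # server side: the activation was already refused
        return Finding(10036, m.group(1), None, True)
    return None

def triage(lines: List[str]) -> List[Finding]:
    # Findings for every hardening event in an export, in log order.
    return [f for f in (parse_event(line) for line in lines) if f is not None]
```

Run it against an export of the System log from both the OPC server and its clients: any client application flagged with needs_action is one that will stop connecting and needs a vendor update, a DA/UA bridge, or a migration to OPC UA.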