
Goodbye DCOM. How Microsoft’s new patch affects the industry

Communication and data exchange between the different devices that make up an industry is very common. In fact, the automation processes in a factory consist of different software, controllers and devices from various manufacturers and brands, but which in turn all communicate with each other through communication protocols.

One of them is DCOM (Distributed Component Object Model), created by Microsoft. It is used for communication between the software components of networked devices and allows applications on different computers, or on different layers, to communicate and collaborate with each other. In industry it has been used in applications that need to transfer information from one software layer to a higher one, or vice versa, such as manufacturing traceability or the historical data record of an automated line.

For its part, the OPC (OLE for Process Control) protocol allows Windows programs to communicate with industrial hardware devices. It is the most popular data connectivity standard used for data transfer between controllers, devices, applications and other server-based systems. It was created in the mid-90s with the aim of providing a common interface for communication between industrial processes. The version known as OPC DA is built on the DCOM technology described above, and it allows the different elements of the process network to communicate in an abstract way.

In practice, OPC DA relies on DCOM communications to pass information between devices, and it has become one of the most widely used communication standards in industrial automation. It answers one of the biggest challenges in the automation industry: how to connect devices, controllers and/or applications without falling into the usual problems of connections based on proprietary protocols.

That is why, more than a protocol, OPC-DA is a data connectivity standard based on a series of OPC specifications managed by the OPC Foundation. Any software that complies with these OPC specifications therefore gives users and integrators open connectivity that is independent of both the device manufacturer and the client application developer. This is one of its main advantages.

The interoperability facilitated by this protocol has enabled the implementation of advanced automation and control systems in a wide variety of applications in industry, such as energy management, production automation, and critical infrastructure management. It has also contributed to the implementation of emerging technologies in the industry, such as the Internet of Things and artificial intelligence, by facilitating communication between devices and systems from different manufacturers and enabling the integration of production data into advanced analytics.

For some time now, driven by the need for more secure integrations between systems and with all the software layers that exist today, the OPC UA alternative has emerged. This newer standard has the same objective as its predecessor, standardizing communications between systems, but it adds more capable communications together with the security and encryption needed to make those communications secure.

OPC DA and OPC UA have coexisted in the industry for some time, with the difference that OPC DA is at the end of its life cycle, a process accelerated by Microsoft and its new versions, while OPC UA has a long road ahead because it is designed to comply with current cybersecurity regulations.

Microsoft’s KB5004442 patch: a change in the technology landscape

Windows security patches are updates designed to resolve vulnerabilities in computers running this operating system. It is common for all operating systems to have vulnerabilities, but the solution to this problem lies in updating the operating system that includes the corresponding patches or solutions.

In Microsoft’s June 2022 cumulative updates, however, a security patch was included to limit the exposure of CVE-2021-26414 (CVSS 4.3), in which a potential attacker could bypass security options implemented in the DCOM communication protocol. The patch created for this is KB5004442.

This issue allowed attackers with unprivileged local access to read protected operating system files, which could lead to the exposure of sensitive information and unauthorized takeover of devices and systems, disruption of critical processes, and leaking confidential data. In industrial settings, this can have serious consequences, as production interruptions can have a significant financial impact and, in some cases, even jeopardize the safety of workers. By installing Microsoft security patch KB5004442, enterprises can protect against this critical vulnerability and ensure the integrity and availability of their control and automation systems and devices.

That is why this patch raises the security level required for DCOM communications by default. As a consequence, every application that uses the Windows API to establish DCOM connections between two devices is affected, the OPC-DA protocol included.

While Microsoft’s KB5004442 patch is important to the industry because it resolves a critical security vulnerability in DCOM, it also raises concerns for organizations. As of March 2023, this patch raises the security level required for DCOM communications with no possibility of disabling it. Not all OPC implementations use DCOM, though: the OPC applications that will be affected are classic distributed (remote) DA/AE/HDA applications, which will need to use a minimally secure authentication configuration called “packet integrity”. Applications using OPC UA, and local OPC DA/AE/HDA classic applications, do not use DCOM and are therefore not affected, since the OPC client function runs locally.

OPC-DA users who intend to continue to rely on DCOM in their OPC Classic architectures will need to pay close attention to these new changes. If DCOM security updates are not properly mitigated, data connectivity may be lost.

Specialists indicate that after the March 2023 update, administrators will no longer be able to disable these security features. The only options at that point will be to obtain updated versions of the affected applications from the software vendors, to switch to solutions such as an OPC DA/UA bridge, which eliminates the use of DCOM, or to migrate to other communication methods such as OPC UA.
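The practical question behind the last two paragraphs is how to find out, before connectivity is lost, which OPC Classic clients and servers on a Windows host are still negotiating below the “packet integrity” level. The following PowerShell script is an added example written for this article; it is not code from the article, from Microsoft or from HEXA Ingenieros. It assumes two things that Microsoft documents in KB5004442 but that do not appear on this page: the registry value `RequireIntegrityActivationAuthenticationLevel` under `HKLM\SOFTWARE\Microsoft\Ole\AppCompat`, which toggled the hardening before the March 2023 enforcement phase, and the System log events 10036 (server side, activation rejected), 10037 and 10038 (client side, application requesting an authentication level below Packet Integrity) from the `Microsoft-Windows-DistributedCOM` provider. The regular expression used to pull the executable path out of the client-side message is an assumption about the message wording, with the full message kept as a fallback.

```powershell
# Added example (not from the article): audit a Windows host for the KB5004442
# DCOM hardening state and for DCOM activations it has blocked or would block.
# Assumptions documented in KB5004442 (not on this page):
#   HKLM\SOFTWARE\Microsoft\Ole\AppCompat\RequireIntegrityActivationAuthenticationLevel
#     DWORD 0 = hardening off, 1 = on; ignored once the March 2023 enforcement update is installed.
#   System log, provider Microsoft-Windows-DistributedCOM:
#     10036  server side: activation rejected, client authentication level too low
#     10037  client side: app explicitly requests an authentication level below Packet Integrity
#     10038  client side: app uses a default authentication level below Packet Integrity
# Run in an elevated prompt on BOTH the OPC client hosts and the OPC server hosts,
# because 10037/10038 are written on the client and 10036 on the server.

function Get-DcomHardeningState {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
    $name = 'RequireIntegrityActivationAuthenticationLevel'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($item) { [int]$item.$name } else { $null }
    $state = if ($null -eq $value) { 'not set: the defaults of the installed update phase apply' }
             elseif ($value -eq 0)  { 'explicitly disabled (no longer honoured after the March 2023 enforcement update)' }
             elseif ($value -eq 1)  { 'explicitly enabled' }
             else                   { "unexpected value $value" }
    [pscustomobject]@{ RegistryValue = $value; State = $state }
}

function Get-DcomHardeningEvents {
    param([int]$Days = 30)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'   # assumption: provider name of the DCOM events
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $msg = ($_.Message -replace '\s+', ' ').Trim()
        # Assumption about the client-side message wording: "Application <path> with PID <n> ...".
        # If the regex does not match, the whole message is used as the key instead.
        $app = if ($msg -match 'Application (?<path>.+?) with PID') { $Matches.path } else { $msg }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            EventId     = $_.Id
            Side        = if ($_.Id -eq 10036) { 'server: activation rejected' } else { 'client: low auth level requested' }
            Application = $app
            Message     = $msg
        }
    }
}

# Summary: one row per distinct (event id, application) so one chatty OPC client
# does not hide the others, with the most recent sighting for each.
Get-DcomHardeningState | Format-List
$events = @(Get-DcomHardeningEvents -Days 30)
if ($events.Count -eq 0) {
    'No DCOM hardening events in the last 30 days on this host.'
} else {
    $events | Group-Object EventId, Application | Sort-Object Count -Descending |
        Select-Object Count,
                      @{ n = 'EventId';     e = { $_.Group[0].EventId } },
                      @{ n = 'Side';        e = { $_.Group[0].Side } },
                      @{ n = 'LastSeen';    e = { ($_.Group | Measure-Object Time -Maximum).Maximum } },
                      @{ n = 'Application'; e = { $_.Group[0].Application } } |
        Format-Table -AutoSize -Wrap
}
```

Every application listed under 10037 or 10038 is a remote OPC Classic client (or other DCOM client) that will stop working once the hardening is enforced on the server it talks to, and every 10036 row on a server is an activation that has already been rejected; those are the applications for which a vendor update, an OPC DA/UA bridge or a migration to OPC UA has to be arranged.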

Faced with the new changes, many of the companies and industries that use the OPC-DA protocol wonder how it will affect them and what solutions to find when a problem arises with this new patch. At HEXA Ingenieros you can find the answer to solve this problem. We are a team of experts in the sector and we will work to help you find the best software and automation solutions.