Navigating the Final Phase of DCOM Hardening
March 7, 2023
Microsoft will be releasing the final phase of its DCOM hardening updates on March 14th, 2023.
This update will keep DCOM hardening enabled and remove the ability to disable it. What this means is that there may be issues with devices communicating.
Here at Grantek we can help our clients navigate through the final phase of this saga and ensure that their production systems are not negatively impacted by the upcoming patch.
Reach out to us at info@grantek.com to get started.
Understanding DCOM Hardening Updates
DCOM stands for “Distributed Component Object Model” and is a technology used by Windows applications to enable inter-process communication over a network.
The goal of the Microsoft patch is to prevent unauthorized access to computers via DCOM protocols, which could potentially lead to malicious attacks or data breaches. Once implemented, this patch will limit communication between different devices and applications, potentially leading to production system disruptions.
How We Can Help
We understand how disruptive this update could be for our clients' production systems, so we are providing services to help our customers prepare for the update before it goes into effect on March 14th, 2023.
We can thoroughly analyze your current environment and provide you with an actionable plan tailored specifically to your needs. This plan will include steps you can take to ensure that all devices in your production system are able to communicate properly once the patch goes live, such as updating existing infrastructure or implementing new software solutions.
Additionally, our team can provide ongoing support after implementation to monitor performance and troubleshoot any issues arising from the update.
DCOM Next Steps
The upcoming release of Microsoft’s final phase of DCOM hardening updates has potential negative impacts ranging from single-device communications issues all the way up to forced production shutdowns due to operators not being able to visualize/operate their systems properly.
We want to make sure our customers don’t experience any negative impacts from this update when it rolls out in March 2023—and we’re here to help them do just that!
By providing services such as analysis of current environments, actionable plans unique to each customer’s needs, and ongoing support after implementation, we can ensure that our clients' production systems remain unaffected by this upcoming patch changeover.
Contact us today at info@grantek.com if you have any questions or would like more information about how we can help!
DCOM FAQ
What is DCOM?
The Distributed Component Object Model (DCOM) is a protocol used for communication between software components on different computers on a network.
In a nutshell, DCOM allows a computer (say computer A) to run programs over the network on a different computer (computer B) as if these programs were located on the local machine (computer A).
What is Microsoft DCOM hardening?
Microsoft revealed the Windows DCOM Server Security Feature Bypass vulnerability on June 8, 2021. This vulnerability is identified as CVE-2021-26414: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414
Microsoft's fix for this vulnerability is called DCOM hardening, which enforces DCOM authentication on the server side. In order to minimize issues for end users and give them time to migrate if necessary, Microsoft took a phased roll-out approach.
The final phase of the DCOM hardening will be part of the upcoming Windows Update to be released on March 14, 2023.
Is DCOM still used?
DCOM is used by a lot of software to communicate between 2 networked computers.
For instance, software using OPC-DA (OPC-Data Access) as a communication method between computers will be directly impacted.
Is DCOM a security risk?
Microsoft identified the DCOM Server Security Feature Bypass vulnerability as a cybersecurity vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414
What is the replacement for DCOM?
It is a complex question. There is no direct replacement per se. You would have to use a different communication method or standard altogether to ‘get rid of DCOM’, such as migrating from OPC-DA to OPC-UA (OPC Unified Architecture).
Contrary to OPC-DA, OPC-UA does not rely on DCOM communication.
End users need to understand which software is affected and take the appropriate remediation steps, such as deploying patches for affected products.
Do I need DCOM enabled?
Yes, if you want software using DCOM to keep communicating.
Should I disable DCOM?
Yes, if you want software using DCOM to stop communicating.
Is DCOM still supported?
Yes. Microsoft is addressing the DCOM vulnerability found in 2021 by applying a succession of fixes that will culminate on March 14, 2023.