Is Your Plant Floor DCOM Ready?  

 

Imminent Permanent Microsoft Windows DCOM Patch

Jeopardizes ICS Equipment Following March 14th Deadline 

March 14, 2023, is a date that organizations utilizing operational technology (OT) should have circled on their calendars. After that date, it will no longer be possible to disable a critical Microsoft hardening patch that could trigger equipment shutdowns and lead to revenue disruptions, unless there are backups to restore from prior to the patch enablement. 

This anticipated hardening pitch could easily become a plant engineer’s worst nightmare when they suddenly report for work one morning only to find their digital assets offline and plant production at a complete standstill. 

Fortunately, two of the foremost experts in OT cybersecurity – Velta Technology and TXOne Networks – are teaming up to provide a solution that can temporarily disable the patch from being installed, thus preventing an unplanned shutdown, maintaining plant operations and keeping revenue streams intact. This affords your company valuable time to confer internally about how to prioritize and ultimately implement a more permanent, long-term solution.  

Microsoft first publicly disclosed news of the DCOM patch in June 2021, prompting some companies to take immediate action to mitigate any risk. Those who have not taken preemptive steps will suddenly find themselves in a predicament where they’re up against a less-than-three-month deadline to keep their assets online.  

The first step toward continuous, undisrupted OT operations is to understand your plant’s level of risk, which can be difficult to pinpoint without an accurate asset inventory. What we do know is that plant floors with industrial control systems (ICS) from brands like Rockwell Automation, GE, Honeywell, Siemens and others, are at risk because they all have an embedded
software component known as DCOM, or Distributed Component Object Model.  

Microsoft made the public disclosure after identifying an inherent Windows vulnerability known as the DCOM Server Security Feature Bypass, which was being used by hackers as a common attack vector. Microsoft classified it as a medium severity vulnerability and followed its standard practice of releasing security patches to strengthen the authentication between DCOM clients and servers. 

Microsoft’s DCOM hardening patch update scheduled to be enabled March 14, 2023, means some ICS equipment will be unable to establish a proper DCOM connection. This is especially true if your organization lacks an accurate asset inventory, making it impossible to understand the specific risks your plant is facing. Unless you’ve taken steps to re-write the impacted software or replace affected equipment, an ICS shutdown is likely to occur after the final patch is released on March 14th.  

If left unaddressed, manufacturing and critical infrastructure environments will be at high risk of disruption and negative implications, the most notable of which is a “bricking” of Windows devices rendering them inoperable. This can be problematic because it increases the likelihood of costly unscheduled downtime. Loss of visibility into machine controls can pose increased risk to physical safety resulting in potentially dangerous, uncontrollable operations, as well as regulatory violations which could lead to heavy fines or penalties.  

Although specific long-term solutions will vary from plant to plant depending on size and scope, one thing is for sure: re-writing thousands of lines of code or replacing entire ICS systems are not the most convenient solutions, especially when you’re in a time crunch to meet a deadline. 

Velta Technology and TXOne Networks are offering a cost-effective and time-saving solution that can stop the DCOM hardening patch, providing essential time needed to solve the problem without risking the adverse ramifications of the patch. 

TXOne’s Stellar endpoint solution is the key to implementing a system lockout feature that inhibits Windows updates and prevent the patch from being installed. It can monitor vulnerable process points by learning and authorizing actions through permission controls, which detects anything that may seem unusual or out of place. 

Additionally, Stellar provides DCOM malware protection to maintain system integrity without disrupting the system’s regular operation and gives asset owners a reprieve from Microsoft’s looming March 14, 2023, DCOM hardening patch deadline. 

The potential negative implications of the Microsoft DCOM hardening patch enablement should not deter plant operators and company executives from taking the steps necessary to understand and mitigate crucial risks to their plant floor for the short and long-term. The good news is you still have valuable lead time to prepare accordingly. 

Ensuring your plant floor and ICS are DCOM Ready will pay dividends in the future. Velta Technology and TXOne Networks are specially trained and equipped to help you make sense of the potential ramifications of the DCOM hardening patch. They will determine what it means for your organization specifically and create a plan to mitigate the risk of plant shutdowns and
revenue disruption.  

Learn more by downloading our Get DCOM Ready Business Brief now, and request a complimentary Get DCOM Ready consultation by calling 573-586-4306 or email us at info@veltatech.com.