ROCKWELL AUTOMATION’S INDUSTRIAL CONTROL SYSTEMS IMPACTED BY MICROSOFT'S DCOM HARDENING PATCH UPDATE YOUR SYSTEMS BY MARCH 14, 2023
On March 14, 2023, Microsoft will permanently enable the security features created to protect Distributed Component Object Model (DCOM) Remote Protocol communications. These comms are used in many client-server software packages, which include several of Rockwell Automation’s software offerings. The security features are being implemented to protect against a vulnerability in the Microsoft DCOM stack. Once enabled, these security features cannot be disabled. Impacting all Windows Server and Workstation operating systems since Windows 7 and Windows Server 2008, this update/patch could cause significant disruption to many ICS environments using client-server communications.
Rockwell Automation has released patches for recent versions of their software packages. To avoid disruption, these patches should be applied before March 14, 2023. Older versions of Windows Operating Systems and Rockwell Automation Software will need to be upgraded to a protected version. Review the Rockwell Automation Product Patches for Microsoft DCOM Hardening document to see affected software products and applicable patches.
McNaughton-McKay can assist you with identifying and patching affected systems. Please contact your McNaughton-McKay Account Manager to schedule an impact review.
Additional Information
Patch FactoryTalk Transaction Manager
Rockwell Automation Product Patches
Product Notification 2022-01-001
Manage Changes for Windows DCOM Server Security Feature Bypass