On March 14, 2023, Microsoft will release a third and final patch in a phased rollout that began in 2021 to address security bypass vulnerability CVE-2021-26414 in the Windows Distributed Component Object Model. This vulnerability affects the authentication between DCOM servers and DCOM clients, potentially allowing the ability to remotely execute malicious software on an affected network. Microsoft patch KB5004442 addresses how a DCOM server handles requests from DCOM clients and restricts the types of requests that it will accept.
What is DCOM?
DCOM is a Microsoft technology that enables data communication between software components distributed across server and client systems on a network. It is the underlying communication protocol of the OPC technology used in many industrial control systems to communicate between controllers, devices, and related software applications.
How Does It Affect LogMate?
The patch Microsoft rolled out in the previous phase was tested with LogMate, and TiPS has determined it will not negatively impact any LogMate modules, regardless of version numbers, that use DCOM for data communication. There are three modules that utilize DCOM:
- Capture OPC A&E Port – Uses OPC Alarms & Events to allow the LogMate Capture module to collect alarm and event data from an OPC AE source such as a control system and process into a SQL database.
- TRAC – Uses OPC Historical Data Access to access a control system’s historical database for performance trending, incident reviews, and analyses.
- OPC Client for KB – Uses OPC Data Access to allow the LogMate Alarm Knowledge Base access to real-time alarm configuration data.
Actions to Take
TiPS Engineering tested the patch and found no compatibility issues, therefore no action is needed regarding updating the LogMate application. However, system administrators will need to patch any Microsoft Windows-based machines that host any LogMate module, both server-side and client-side.
If needing more details on this issue and the steps TiPS has taken to validate LogMate compliance or seeking supporting documentation to submit for internal review, contact TiPS Support by email at firstname.lastname@example.org, schedule an appointment online, or call (512) 863-3653.