Microsoft DCOM hardening tool discovers vulnerabilities

B2B Cyber Security ShortNews

Open-source detection tool uncovers vulnerabilities in DCOM ahead of Microsoft's March 2023 patch. Users can quickly determine whether their networks contain unsecured DCOM that the new Microsoft patch will render unusable.

OTORIO has released the open-source Microsoft Distributed Component Object Model (DCOM) Hardening Toolkit. The aim is to protect OT systems from the problems an upcoming Microsoft patch may cause. Microsoft itself writes: "On March 14, 2023, hardening changes are enabled by default with no option to disable them. At this point, you must resolve any compatibility issues with the hardening changes and applications in your environment."


Check before Microsoft switches

The standalone, open-source toolkit can be used by any organization to detect applications that rely on weak DCOM authentication and to apply temporary workarounds. OTORIO RAM² users also have automatic access to a new alert in Safe Active Query, enabling detection across the network.

The OPC Data Access (OPC DA) protocol was introduced in 1995 to enable real-time data communication between programmable logic controllers (PLCs) and software in OT networks. However, OPC DA is built on DCOM technology, which has security vulnerabilities. In 2008, Microsoft introduced the OPC Unified Architecture (OPC UA) protocol, which does not depend on DCOM, but many industrial companies still use OPC DA.


Microsoft patch comes in phases

In 2021, Microsoft acknowledged a critical vulnerability in its DCOM protocol and announced a hardening patch to strengthen authentication between DCOM clients and servers. To minimize service disruption, the patch was released in phases. The first phase introduced the ability to enforce hardening of weak authentication levels in DCOM, but left it disabled by default; the second enforced hardening by default while keeping an option to disable it; the third automatically raised the authentication level of all non-anonymous activation requests from DCOM clients; and on March 14, 2023, Microsoft will issue a new patch that removes the option to enable unsecured DCOM altogether.

Does the code have a problem or not?

With OTORIO's DCOM Hardening Toolkit, users can quickly determine whether their networks contain unsecured DCOM that the new patch will render unusable. The toolkit then provides remediation instructions so that organizations remain in full control of their OT devices.
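One way to perform the check described above on a single Windows host, as an added example that is not OTORIO's toolkit and not code from the article: read the registry value Microsoft documents for the DCOM hardening switch, and list the System-log events Windows writes when a DCOM client or server uses an activation authentication level below Packet Integrity. The registry path, value name, provider name and event IDs (10036, 10037, 10038) are Microsoft's documented ones from its DCOM hardening guidance; the function name `Test-DcomHardening`, its `-Days` parameter and the shape of the returned object are this example's own assumptions.

```powershell
# Added example: check a Windows host for the DCOM hardening state and for
# evidence of weak DCOM authentication before the March 14, 2023 update.
# This is not OTORIO's toolkit. Registry location, value name and event IDs
# come from Microsoft's DCOM hardening guidance; Test-DcomHardening, -Days and
# the returned object are this example's own naming (assumptions).

function Test-DcomHardening {
    [CmdletBinding()]
    param (
        # Look back this many days for weak-authentication events.
        [int]$Days = 30
    )

    $regPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
    $valueName = 'RequireIntegrityActivationAuthenticationLevel'

    # 1. The hardening switch. 1 enables enforcement, 0 disables it. A missing
    #    value means the platform default applies (enforced since the second
    #    phase). After the March 2023 update the value is ignored and hardening
    #    is always on, so 0 marks a host relying on an override that is about
    #    to disappear.
    $item  = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$valueName } else { $null }

    if ($null -eq $value) {
        $state = 'Enforced (default, value not set)'
    } elseif ($value -eq 0) {
        $state = 'DISABLED by registry override - stops working after the March 14, 2023 update'
    } elseif ($value -eq 1) {
        $state = 'Enforced (explicitly enabled)'
    } else {
        $state = "Unexpected value $value"
    }

    # 2. Weak-authentication events from the DCOM provider in the System log:
    #    10036 is logged on the DCOM server when it rejects a client whose
    #    activation authentication level is below Packet Integrity; 10037 is
    #    logged on the client when an application explicitly requests a lower
    #    level, 10038 when it relies on a default that is too low. Each one
    #    names an application the final patch phase will break.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        HardeningState = $state
        WeakAuthEvents = $events.Count
        # First line of each message is enough to identify the application or peer.
        EventSummary   = $events |
            Select-Object TimeCreated, Id,
                @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
            Sort-Object TimeCreated -Descending
    }
}

# Usage: run from an elevated PowerShell on each host that serves or consumes
# OPC DA / DCOM. A non-zero WeakAuthEvents count or a DISABLED state means the
# host needs attention before the March 2023 update is applied.
$report = Test-DcomHardening -Days 30
$report | Select-Object ComputerName, HardeningState, WeakAuthEvents | Format-List
$report.EventSummary | Format-Table -AutoSize -Wrap
```

The registry read tells you whether a host is leaning on the soon-to-be-removed opt-out; the event scan tells you which applications would fail once hardening is enforced, which is the information needed to contact the vendor or reconfigure the client before the patch lands rather than after.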

"Companies need to understand whether they have a problem or not, and that's where our toolkit comes in," explains Yair Attar, CTO and co-founder of OTORIO. "If an organization applies the March patch and loses critical visibility and communication between nodes on its network, it could incur significant financial losses. Our goal is to prevent such a catastrophe."

OTORIO's RAM² collects and analyzes multiple data sources present in the OT environment. These include, for example, SCADA (Supervisory Control and Data Acquisition) systems, programmable logic controllers (PLCs), distributed control systems (DCS), historian databases, engineering systems and more. The solution then enriches this analysis with operational context, vulnerabilities and exposures to assess the security posture and to identify and prioritize OT security threats.

Go to the OTORIO tool on GitHub

About OTORIO

OTORIO is an OT (Operational Technology) security company providing end-to-end solutions for proactive digital risk management. These help industrial companies around the world to maintain business continuity and protect ongoing operations. OTORIO provides comprehensive security risk assessment, monitoring and management solutions and services for critical infrastructure, intelligent transportation and logistics systems and industrial manufacturing companies.
