Open-source detection tool finds weak DCOM authentication ahead of Microsoft's March 2023 patch. Users can quickly determine whether their networks contain unsecured DCOM activations that the new Microsoft patch will render unusable.
OTORIO has released the open-source Microsoft Distributed Component Object Model (DCOM) Hardening Toolkit. The aim is to let OT operators find, before an upcoming Microsoft patch lands, which of their systems still depend on weak DCOM authentication and will stop working once it is enforced. Microsoft's own guidance is unambiguous: "March 14, 2023, hardening changes are enabled by default with no option to disable them. At this point, you must resolve any compatibility issues with the hardening changes and applications in your environment."
Check before Microsoft flips the switch
The standalone, open-source toolkit can be used by any organization to detect applications that still use weak DCOM authentication levels and to apply temporary workarounds. OTORIO RAM² users also get automatic access to a new alert in Safe Active Query, enabling detection across the whole network.
The OPC Data Access (OPC DA) protocol was introduced in 1995 to enable real-time data exchange between programmable logic controllers (PLCs) and software in OT networks. OPC DA is built on DCOM, however, so its security is only as strong as DCOM's authentication, and many OPC DA deployments rely on exactly the weak authentication levels that Microsoft's hardening now rejects. In 2008, the OPC Foundation released OPC Unified Architecture (OPC UA), which does not depend on DCOM, but many industrial companies still run OPC DA.
Microsoft patch comes in phases
In 2021, Microsoft acknowledged a critical vulnerability in its DCOM protocol and announced a hardening patch to strengthen authentication between DCOM clients and servers. To minimize service disruption, the hardening was rolled out in phases. The first update (June 2021) added the hardening of weak authentication levels as an opt-in that was disabled by default; the second (June 2022) enabled it by default but left a registry option to disable it; the third (November 2022) additionally raised the authentication level of all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY automatically; and on March 14, 2023, Microsoft will issue an update that removes the option to disable the hardening altogether.
Is there a problem or not?
With OTORIO's DCOM Hardening Toolkit, users can quickly determine whether their networks contain unsecured DCOM activations that the new patch will render unusable. The toolkit then provides remediation instructions so that organizations remain in full control of their OT devices.
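The phased rollout above leaves two concrete things an administrator can check on each Windows host before March 14, 2023: whether the hardening has been switched off by the registry override that the last phase removes, and whether the host has logged any DCOM activations at an authentication level below PKT_INTEGRITY. The script below is an added example, not part of OTORIO's toolkit; it uses only the registry value (RequireIntegrityActivationAuthenticationLevel under HKLM\SOFTWARE\Microsoft\Ole\AppCompat) and the System-log event IDs (10036 server side, 10037 and 10038 client side) that Microsoft documents for the DCOM hardening. The 30-day look-back window is an arbitrary choice for the example.

```powershell
# Added example (not OTORIO's toolkit): report DCOM hardening state and weak-auth DCOM activity on this host.
# Registry value and event IDs are those Microsoft documents for the DCOM hardening rollout.

$key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$name = 'RequireIntegrityActivationAuthenticationLevel'

function Get-DcomHardeningState {
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    switch ($value) {
        0       { 'DISABLED by registry override (this override stops working with the March 14, 2023 update)' }
        1       { 'ENABLED explicitly by registry' }
        default { 'Value absent: Windows default applies (enabled by default since the June 2022 update)' }
    }
}

function Get-WeakDcomEvents {
    param([int]$Days = 30)   # look-back window, arbitrary for this example
    # 10036: this host, as DCOM server, rejected an activation whose auth level was below PKT_INTEGRITY.
    # 10037: this host, as DCOM client, activated a remote server with an explicitly set level below PKT_INTEGRITY.
    # 10038: same as 10037, but the weak level came from the process default rather than an explicit setting.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Side    = if ($_.Id -eq 10036) { 'server' } else { 'client' }
            Message = ($_.Message -split "`r?`n")[0]   # first line carries app/PID/CLSID/level or user/SID/address
        }
    }
}

"Hardening state: $(Get-DcomHardeningState)"
$events = @(Get-WeakDcomEvents -Days 30)
if ($events.Count -eq 0) {
    'No weak-authentication DCOM events in the look-back window (client-side events need the June 2022 update or later).'
} else {
    "$($events.Count) weak-authentication DCOM event(s) found; each one is an application that must be fixed before March 14, 2023:"
    $events | Sort-Object Time | Format-Table -AutoSize
}

# Temporary workaround only (rejected activations resume until the March 14, 2023 update removes the override):
#   Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
```

Run it elevated on both the OPC DA server and each client machine: the 10036 events on the server tell you which remote users and addresses were rejected, while 10037/10038 on the clients name the process and CLSID, which is what you need to raise the client's authentication level (via CoInitializeSecurity, dcomcnfg, or the vendor's configuration) rather than leaving the registry override in place.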
"Companies need to understand whether they have a problem or not, and that's where our toolkit comes in," explains Yair Attar, CTO and co-founder of OTORIO. “If an organization applies the March patch and loses critical visibility and communication between nodes on its network, it could incur significant financial losses. Our goal is to prevent such a catastrophe.”
OTORIO's RAM² collects and analyzes multiple data sources present in the OT environment, for example SCADA (Supervisory Control and Data Acquisition) systems, programmable logic controllers (PLCs), distributed control systems (DCS), historian databases, engineering systems and more. The solution then enriches this analysis with operational context, vulnerabilities and exposures to assess the security posture and to identify and prioritize OT security threats. The DCOM Hardening Toolkit itself is published on OTORIO's GitHub.
About OTORIO: OTORIO is an OT (Operational Technology) security company providing end-to-end solutions for proactive digital risk management. These help industrial companies around the world maintain business continuity and protect ongoing operations. OTORIO provides comprehensive security risk assessment, monitoring and management solutions and services for critical infrastructure, intelligent transportation and logistics systems, and industrial manufacturing companies.