OTORIO Releases Microsoft DCOM Hardening Toolkit for OT Systems

News provided by

Jan 25, 2023, 08:00 ET

New Open Source Detection Tool Uncovers Vulnerable DCOM in Advance of March Microsoft Patch

TEL AVIV, Israel, Jan. 25, 2023 /PRNewswire/ -- OTORIO, the leading provider of operational technology (OT) cyber and digital risk management solutions, today launched an open source Microsoft Distributed Component Object Model (DCOM) Hardening Toolkit to protect OT systems against potential issues related to an upcoming Microsoft patch. The standalone open source toolkit can be accessed by all organizations to detect and supply temporary workarounds for weak DCOM authentication applications. OTORIO RAM²users also automatically have access to a new alert in the Safe Active Query that allows detection across the entire network.

The OPC Data Access (OPC DA) protocol was launched in 1995 to enable the communication of real-time data between the programmable logic controller (PLC) and software within OT networks. However, OPC DA is based on DCOM technology, which includes security vulnerabilities. In 2008, Microsoft launched the non-DCOM-dependent OPC Unified Architecture (OPC UA) protocol, but many industrial businesses still use OPC DA.

In 2021, Microsoft acknowledged a critical vulnerability in its DCOM protocol and announced a hardening patch to strengthen the authentication between DCOM clients and servers. To minimize business disruption, it has released the patch in phases. The first patch introduced the ability to enable the hardening of the weak authentication levels in DCOM, but was disabled by default; the second enforced the hardening by default with the option to disable it; the third rollout of the DCOM hardening patch had automatically risen all non-anonymous activation requests from DCOM clients; and on March 14, 2023, Microsoft will issue a new patch that removes the option to enable unsecured DCOM altogether.

OTORIO's DCOM Hardening Toolkit enables users to quickly discover whether their networks include unsecured DCOM that will be rendered inoperable by the new patch. It then provides remediation instructions to make sure that organizations maintain full control of their OT devices.

"Organizations need to understand whether or not they have a problem, and that's where our toolkit comes in," said Yair Attar, CTO & Co. Founder of OTORIO. "If a company applies the March patch and loses critical visibility and communication between nodes in its network, it could experience significant financial losses. Our goal is to prevent that kind of catastrophe."

OTORIO's RAM² collects and analyzes multiple data sources present in the OT environment, such as supervisory control and data acquisition (SCADA), programmable logic controllers (PLC), distributed control systems (DCS), historian databases, engineering systems, and more. It then enriches this analysis with operational context, vulnerabilities, and exposures to assess security posture and identify and prioritize OT security threats.

Find the Hardening Toolkit on Github: https://github.com/otoriocyber/DCOM-HardeningTool

About OTORIO

OTORIO delivers proactive, orchestrated, and industrial-native OT cyber solutions. Effectively protecting industrial digitalization, OTORIO combines innovative technology, deep research, and proven real-world OT cybersecurity expertise. To learn more, visit OTORIO.com.

SOURCE OTORIO