DCOM Hardening Patch Overview
CVE-2021-26414 documents a Windows DCOM server security feature bypass vulnerability. As a result, Microsoft is addressing this vulnerability with a hardening patch. On June 14, 2022, the hardening changes will automatically be enabled unless the user chooses to disable them. On March 14, 2023, the hardening changes will be enabled by default with no means to disable them. This is documented in Microsoft's Windows support knowledge base article KB5004442.
Rockwell Automation® Software DCOM Significance:
One consequence of the DCOM hardening patch from Microsoft is it will affect client/server communications between some Rockwell Automation software applications. These software applications may be either directly or indirectly affected and are listed in Rockwell Automation's knowledge base article PN1581, which is available to everyone regardless of TechConnect℠ status.
Mitigation Response:
The corrective action is to install the patch(es) from Rockwell Automation or install newer unaffected versions of the software application(s) that will be available from the PCDC site.
Patches for "preferred" and "managed" versions of these directly affected products will be provided as shown in the list below.
Directly affected Rockwell Automation® products:
- FactoryTalk® Services (versions 6.21, 6.20, 6.11, 6.10, 3.00, 2.90)
- FactoryTalk Linx (versions 6.21, 6.20, 6.11, 6.10, 6.00, 5.90)
- FactoryTalk Linx Gateway (versions 6.21, 6.20, 6.11, 6.10, 6.00,3.90)
- FactoryTalk Linx Data Bridge (versions 6.21.01, 6.20, 6.11)
- RSLinx® Classic (versions 4.21, 4.20, 4.12, 4.11, 4.10, 4.00.01)
- FactoryTalk View Site Edition (versions 12.00, 11.00, 10.00, 9.00)
- FactoryTalk ViewPoint (versions 12.00, 11.00, 10.00, 9.00)
- FactoryTalk Batch (versions 14.00, 13.00.02)
- ThinManager® (versions 12.01, 12.00, 11.02, **11.01, **11.00)
- FactoryTalk Transaction Manager (versions 13.10, 13.00, 12.10, 12.00)
- **FactoryTalk® ProductionCentre® (versions 10.04, 10.03, 10.02, 10.01)
- **FactoryTalk® VantagePoint® (versions 8.31, 8.30, 8.20, 8.10, 8.00, 7.00)
- **Pavilion8® (versions 5.17.01, 5.17.00, 5.16, 5.15.01, 5.15)
Note: Patches for all software products will be included in the Rockwell Automation monthly patch rollup; except for products preceded with ‘**’ these products do not participate in the Rockwell Automation monthly patch rollup.
Important links for additional information:
- CVE-2021-26414 Windows DCOM Server Security Feature Bypass
- Microsoft KB5004442 Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)
- Rockwell Automation Knowledge Base ID PN1581 Rockwell Automation products are unable to establish proper DCOM connection after installing the Microsoft DCOM Hardening patch (CVE-2021-26414)
- Rockwell Automation PCDC site for downloading software patches and patch roll-ups
need more information?
If you have any questions related to Rockwell Automation software or the DCOM patch update, reach out to our specialist team.