On this page, you will learn what DCOM is, what Microsoft's DCOM hardening rollout means for you, why you need to migrate to modern technologies, how solutions such as OPC UA and tunneling help, and where to find resources for moving to the latest versions of Software Toolbox products so you can stop using DCOM.
DCOM, or Distributed COM, is a long-established Microsoft technology that enables Windows-based software applications to communicate with each other over a network. OPC Classic DA, HDA, and A&E use DCOM to allow OPC clients and servers to communicate with each other across a network. OPC Classic clients and servers running on the same computer do not use DCOM.
Microsoft still supports DCOM, but many newer technologies replace it, including OPC UA, secure tunneling, and IoT protocols such as MQTT. Microsoft is continuing to harden the security of DCOM in response to the CVE-2021-26414 vulnerability through its KB5004442 update. Those changes make it more challenging for OPC Classic clients and servers to interoperate reliably over a network and between different Windows versions. Misconfigured DCOM can create other problems, as we have covered in our technical blog posts about DCOM horrors. DCOM is not firewall friendly because it uses a range of dynamically assigned ports, and it does not handle network interruptions and recovery gracefully. Modern cybersecurity risks demand that users modernize the technologies their software uses to communicate over networks.
We cover this in more detail in our dedicated DCOM Hardening Technical FAQ, but the bottom line is that if you have OPC DA clients connected to OPC DA servers over a network, you are likely to be affected.
Starting with the June 14th, 2022 Windows updates, Microsoft will begin enforcing the Packet Level Integrity security requirement in DCOM that is installed with the KB5004442 update on Windows Server 2008 and higher, Windows 10, and Windows 11. You will be able to disable the requirement via a registry entry until March 2023; after that it becomes mandatory.
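As an added defender's check (not code from this page or from Software Toolbox), the PowerShell script below reports whether a Windows host currently has the temporary opt-out registry value set, and lists the DCOM event log entries that identify clients and servers still negotiating below Packet Integrity, which is what will break once the hardening becomes mandatory. The registry value name (`RequireIntegrityActivationAuthenticationLevel` under `HKLM\SOFTWARE\Microsoft\Ole\AppCompat`) and the event IDs 10036, 10037 and 10038 are taken from Microsoft's KB5004442 documentation; verify them against that article before relying on the script. It assumes an elevated PowerShell session on a host that already has the KB5004442 update installed.

```powershell
# Added example, not from the original page: report the DCOM hardening state of this host
# and surface the DCOM events that flag connections which will fail under enforcement.
# Registry value and event IDs per Microsoft KB5004442 (assumption: verify against the KB).

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$ValueName = 'RequireIntegrityActivationAuthenticationLevel'

function Get-DcomHardeningState {
    # Returns the opt-out override value (0 = hardening disabled, 1 = enforced) or $null if absent.
    $item  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$ValueName } else { $null }

    if ($null -eq $value) {
        # No override present: behaviour follows the OS default for the installed updates,
        # which per KB5004442 is "enforced" after the June 2022 updates.
        $state = 'OS default (enforced after June 2022 updates)'
    } elseif ($value -eq 1) {
        $state = 'Enforced (override set to 1)'
    } else {
        $state = 'NOT enforced (temporary opt-out; option removed March 2023)'
    }

    [pscustomobject]@{
        Host          = $env:COMPUTERNAME
        OverrideValue = $value
        State         = $state
    }
}

function Get-DcomHardeningEvents {
    param([int]$Days = 30)
    # 10036: server side refused an activation request below Packet Integrity.
    # 10037: a local client explicitly requested an authentication level below Packet Integrity.
    # 10038: a local client relied on a default authentication level below Packet Integrity.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no findings".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-DcomHardeningState | Format-List
Get-DcomHardeningEvents -Days 30 | Format-Table -AutoSize -Wrap
```

Run it on each OPC server and client machine before the March 2023 cutoff: a host reporting "NOT enforced" is relying on the opt-out, and any 10036/10037/10038 entries name the specific applications that need to be upgraded, moved to OPC UA, or tunneled before enforcement becomes mandatory.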
If you are on older operating systems, you may not be affected, but by running an unsupported OS and software, your business is taking non-trivial cybersecurity risks. You must consider updating, switching to OPC UA, and/or using an OPC tunneling solution between now and March 2023.
The OPC UA standards no longer use DCOM; instead they use a secure, single-port TCP/IP connection between clients and servers that is both encrypted and authenticated. If your OPC applications support OPC UA, you need to be migrating to those interfaces. Software Toolbox's OPC products support OPC UA, many since 2008, and are robust, resilient, and ready for you to switch over from DA.
With Microsoft's efforts to harden DCOM security ramping up to the planned March 2023 change that will make hardened DCOM security mandatory on currently supported operating systems, you need a plan to update your OPC Classic applications, whether that means moving to OPC UA or replacing DCOM with some form of tunneling. Your Software Toolbox products already support OPC UA, but you should be on the latest version, which is a free upgrade if you are on support and maintenance (support and maintenance can also be reinstated if needed).
Below is a list of resources on various ways to eliminate DCOM from your control systems.
Free trials of all products are available from their respective web pages. How-to videos and guides are listed next on this page.