UaGateway DCOM with Microsoft DCOM hardening patch

Questions regarding installing, running and configuring UaGateway.

Moderator: uagateway

Post Reply
jonathang
Hero Member
Hero Member
Posts: 32
Joined: 02 Nov 2015, 19:07

UaGateway DCOM with Microsoft DCOM hardening patch

Post by jonathang »

Dear Support Team,

Are there any known issues, concerns, or recommendations when using the UaGateway (OPC DA client to OPC UA Server) after installing and enabling the Microsoft DCOM hardening patch KB5004442?

More information:
  • Microsoft patch: https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c
  • Possible issues: https://www.industrialcybersecuritypulse.com/strategies/the-permanent-microsoft-dcom-hardening-patch-could-shut-down-your-ics/?oly_enc_id=9130E1754601G1D
  • Press release from Software toolbox: https://support.softwaretoolbox.com/app/answers/detail/a_id/4005/~/opc-data-client-applications-and-dcom-hardening-%28cve-2021-26414%2C-kb5004442%29

Sincerely,

Jonathan

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: UaGateway DCOM with Microsoft DCOM hardening patch

Post by Support Team »

Hi,

is this a theoretical question, or do you have experienced any issues?

The DCOM hardening patch will NOT EFFECT the UaGateway because UaGateway is configured to run LOCAL ONLY connections without using DCOM.
UaGateway was designed to migrate classic OPC installations, but (of course) is intended to use secured OPC UA remotely (over the wire). The (potentially insecure) classic connections will be configured locally on the same PC only, where the hardening patch has no effect.

Therefore, if you have used UaGateway as intended, there will be no issues with the DCOM hardening patch from Microsoft.

See here how to configure UaGateway:
https://documentation.unified-automation.com/uagateway/1.5.12/html/limitations.html#limitations_only_local_dcom_connections
Best regards
Unified Automation Support Team

jonathang
Hero Member
Hero Member
Posts: 32
Joined: 02 Nov 2015, 19:07

Re: UaGateway DCOM with Microsoft DCOM hardening patch

Post by jonathang »

Dear Support Team,

This is a theoretical question. We have multiple customers using the UaGateway and no one has reported any issues. We just wanted to be ready in case this topic came up.

Thank you very much for your answer.


Sincerely,

Jonathan

Post Reply