Our Brands

Welcome to the Schneider Electric Website

Welcome to our website.
		
How can we help you today?
What is the impact on OFS by installing the Microsoft updated KB5004442 ?

Article available in these languages: German

Concerned Product Line
TLXCDLUOFS36OPC DATA SERVER LARGE 1 STATION DVD
TLXCDLTOFS36OPC DATA SERVER LARGE 10 STATIONS DVD
TLXCDLFOFS36OPC DATA SERVER LARGE 200 STATIONS DVD
TLXCDUPDLOFSOPC DATA SERVER LARGE UPDATE DVD
TLXCDSUOFS36OPC DATA SERVER SMALL 1 STATION DVD
TLXCDSTOFS36OPC DATA SERVER SMALL 10 STATIONS DVD
TLXCDUPDSOFSOPC DATA SERVER SMALL UPDATE DVD

Environment
Windows

Description of the problem

This note is to announce an important break in OFS architectures.  Due to cyber security issues, Microsoft released a security patch identified KB5004442, intended to harden DCOM and RPC technologies. Technologies which may be used by OPC DA in some cases.

More technical information about this patch can be found at the following URL:
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Microsoft planned the deployment of this patch in 3 steps:

Step 1: On going. Modification is implemented in Windows, but inoperative by default. It is possible to enable it by a register key

Step 2: June 2022. Modification is implemented in Windows and enabled by default. It is still possible to disable it using a register key

Step 3: March 2023. Modification is implemented, operative, without any possibility to deactivate it

Due to high complexity in configuration, and poor cyber security, we did not recommend these remote architectures anymore.

For the customers who relied on such remote architectures (DCOM), after installing and enabling this patch, OFS, do not communicate any more with remote clients

Notes:
Remote architectures are when OFS server is running on a different machine than the SCADA or the OPC DA client.

Local architectures (OFS server is installed on the same machine as the SCADA / OPC DA client) are not concerned by this problem.


Proposed work around

At this moment, there is no way to fix this issue. For customers who would face it, there are 2 possibilities:
Whenever possible, to adapt the architecture by using COM instead of DCOM. This means to install OFS servers on the same machine as OPC DA clients
or

To replace OFS by OPC UA Server Expert, to rely on OPC UA protocol

Schneider Electric Hong Kong

Explore more
Range:
Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.
Explore more
Range:

Need help?

  • Start here!

    Find answers now. Search for a solution on your own, or connect with one of our experts.

  • Contact Support

    Reach out to our customer care team to receive more information, technical support, assistance with complaints and more.

  • Where to buy?

    Easily find the nearest Schneider Electric distributor in your location.

  • Search FAQs

    Search topic-related frequently asked questions to find answers you need.

  • Contact Sales

    Start your sales enquiry online and an expert will connect with you.

I'd like to receive news and commercial info from Schneider Electric and its affiliates via electronic communication means such as email, and I agree to the collection of information on the opening and clicks on these emails (using invisible pixels in the images), to measure performance of Schneider Electric's communications and to improve them. For more details, please read our Privacy Policy.

  • Products Documentation
  • Software Downloads
  • Product Selector
  • Product Substitution and Replacement
  • Help and Contact centre
  • Find our Offices
  • Get a Quote
  • Where to buy
  • Careers
  • Company Profile
  • Report a misconduct
  • Accessibility
  • Newsroom
  • Investors
  • EcoStruxure
  • Job Search
  • Blog
  • Privacy Policy
  • Cookie Notice
  • Terms of use
  • Change your cookie settings
Your browser is out of date and has known security issues.

It also may not display all features of this website or other websites.

Please upgrade your browser to access all of the features of this website.

Latest version for Google Chrome, Mozilla Firefox or Microsoft Edgeis recommended for optimal functionality.