{}

Our Brands

Impact-Company-Logo-English Black-01-177x54

Welcome to the Schneider Electric Website

Welcome to our website.
Search FAQs
What is the impact on OFS by installing the Microsoft updated KB5004442 ?

Article available in these languages: German

Concerned Product Line
TLXCDLUOFS36OPC DATA SERVER LARGE 1 STATION DVD
TLXCDLTOFS36OPC DATA SERVER LARGE 10 STATIONS DVD
TLXCDLFOFS36OPC DATA SERVER LARGE 200 STATIONS DVD
TLXCDUPDLOFSOPC DATA SERVER LARGE UPDATE DVD
TLXCDSUOFS36OPC DATA SERVER SMALL 1 STATION DVD
TLXCDSTOFS36OPC DATA SERVER SMALL 10 STATIONS DVD
TLXCDUPDSOFSOPC DATA SERVER SMALL UPDATE DVD

Environment
Windows

Description of the problem

This note is to announce an important break in OFS architectures.  Due to cyber security issues, Microsoft released a security patch identified KB5004442, intended to harden DCOM and RPC technologies. Technologies which may be used by OPC DA in some cases.

More technical information about this patch can be found at the following URL:
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Microsoft planned the deployment of this patch in 3 steps:

Step 1: On going. Modification is implemented in Windows, but inoperative by default. It is possible to enable it by a register key

Step 2: June 2022. Modification is implemented in Windows and enabled by default. It is still possible to disable it using a register key

Step 3: March 2023. Modification is implemented, operative, without any possibility to deactivate it

Due to high complexity in configuration, and poor cyber security, we did not recommend these remote architectures anymore.

For the customers who relied on such remote architectures (DCOM), after installing and enabling this patch, OFS, do not communicate any more with remote clients

Notes:
Remote architectures are when OFS server is running on a different machine than the SCADA or the OPC DA client.

Local architectures (OFS server is installed on the same machine as the SCADA / OPC DA client) are not concerned by this problem.


Proposed work around

At this moment, there is no way to fix this issue. For customers who would face it, there are 2 possibilities:
Whenever possible, to adapt the architecture by using COM instead of DCOM. This means to install OFS servers on the same machine as OPC DA clients
or

To replace OFS by OPC UA Server Expert, to rely on OPC UA protocol

Schneider Electric Singapore

Explore more
Range:
Articles that might be helpful Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.
Explore more
Range: