WaterISAC Releases Advisory for Microsoft DCOM Patch

Cybersecurity and Infrastructure Security Agency sent this bulletin at 03/15/2023 01:27 PM EDT

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

03/15/2023 08:00 AM EDT

The Water Information Sharing and Analysis Center (WaterISAC) has released an advisory, Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA. ICS/OT/SCADA engineers and operators should assess the use of the Distributed Component Object Model (DCOM) protocol in their industrial environments. According to WaterISAC, “failure to address could result in loss of critical communications between impacted ICS/OT/SCADA devices.”

CISA urges operators to review the WaterISAC advisory and apply recommended compensating controls. See Microsoft KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) for more information.

Having trouble viewing this message? View it as a webpage.

You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency (CISA)
Manage Subscriptions | Privacy Policy | Help

Connect with CISA:
Facebook | Twitter | Instagram | LinkedIn | YouTube