Recent Microsoft Update breaks COM implementation

4 Posts
2 Users
0 Likes
92 Views
b.lepeuple
(@b-lepeuplearcinfo-com)
Posts: 149
Estimable Member
Topic starter
 

Please note that recent Windows Updates designed to fix the Meltdown & Spectre vulnerabilities come with a side effect for our customers (and us).
The issue may affect PcVue, FrontVue and some partner products.

Symptoms:
PcVue starts, but the HDS does not archive any data, it cannot connect to Sv32.exe.
Fatal error (AIExplorer.exe) when launching the Application Explorer and Application Architect.

Other features may also be affected:

  • Tools connecting to the PcVue configuration server interface may be affected: Smart Generators, Command line tool for XML Generic import...
  • PcVue OPC Server
  • PcVue OPC Client

Microsoft Update references:

Note that Windows 7 SP1 and Windows Server 2008 R2 SP1 do not seem to be affected by the issue, despite the following updates roll-up:

(these lists may be incomplete)

For those of you who are eager to get more details, the issue affects software components that include either a COM server or a COM client. Among them, OPC-DA clients and servers because OPC-DA is based on the COM technology.
As extracted from the Microsoft articles:
When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.

Solution:
Microsoft is rolling out fixes that are delivered via Windows Update.
As a temporary workaround, and until the fix is available, the specific Windows Update has to be uninstalled from affected computers.

Important note:
The Microsoft wording says 'the call may fail'. The issue is affecting some computers, but not all of them.
We could not reproduce the issue with the Windows 10 VM we use internally. But we already got tech support calls from affected users (on Windows Server 2012).

[edit Jan 19th, 2018] The following Windows updates are already available to fix the COM issue. We are not able to validate their effectiveness in all situations and they should be tested in the customer environment prior to being deployed in production.

Be aware that some of these updates are 'Optional', and depending on the Windows update configuration, they may not be installed automatically.

Just for you to know, this issue affects many COM based software, including many OPC clients and servers. Microsoft is reacting swiftly.

Please post here if you hear about this issue. Do not post anything confidential such as customer names and projects, but only affected operating systems and corresponding Windows update Id if not in the list above...
Some more actions will be taken next week. And if we have a wave of calls next week, we will communicate in a wider manner.

Thank you

PS: Thumbs up to Fabien & Brice.

 
Posted : 13/01/2018 2:31 am
b.lepeuple
(@b-lepeuplearcinfo-com)
Posts: 149
Estimable Member
Topic starter
 

I have updated the post to reflect the most recent news: Microsoft has started rolling out fixes for the COM 'known issue'.

You will notice that the fix is not yet available for all operating systems known to be affected (by Microsoft). Could be that:

  • The fix will come for the remaining operating systems in the coming days
  • The remaining operating systems may not be affected at all by the COM issue.
 
Posted : 19/01/2018 11:12 pm
f.boissie
(@f-boissiearcinfo-com)
Posts: 44
Member Moderator
 

Our customers with Windows Server 2012 will try the new Microsoft update KB 4057402.
Then he will send me the answer.

 
Posted : 22/01/2018 7:37 pm
b.lepeuple
(@b-lepeuplearcinfo-com)
Posts: 149
Estimable Member
Topic starter
 

Microsoft has rolled out updates that include the fix for the CoInitializeSecurity for the remaining Windows versions/builds.
I will update the original message and the security bulleting later this week.

 
Posted : 31/01/2018 12:26 pm