August 24, 2022 

For Montelektro, the cyber security of the software solutions we deliver to the clients is our significant concern. That is why we have published a document in which our clients have all information about the fast response to the identified cybersecurity vulnerabilities. We kindly ask our clients to regularly visit our website and check the updates published here, as the event is ongoing and new information will be available.

On the 8th of June 2021, Microsoft identified a medium vulnerability in the Microsoft Windows operating system, CVE – 2021 – 26414 Windows DCOM Server Security Feature Bypass. It requires a user with an affected version of Windows to access a malicious server. An attacker would have to host a specially crafted server share or website. Although the attacker would have no way to force users to visit this specially crafted server share, it could convince them to visit the server share or website, mainly via an enticement in an e-mail or chat message.

That is why Microsoft has released security patches targeting the vulnerability. However, patches significantly change the functionality of the part of operating systems which can also affect the functionality of the PCS solution. The activation of these patches must therefore be delayed until the vendors of all PCS components publish patches for their components or to confirm that Microsoft patches activation does not affect the operation of the component.

Information on security patches are available here:

KB1009 – CVE-2021-26414 Windows DCOM Server Security Feature Bypass August 24, 2022

KB1009-CVE-2021-26414-Windows-DCOM-Server-Security-Feature-Bypass-February 13, 2023