Windows Server 2008 - Security patches

We have had a Windows update destroy our ability to configure fieldbus devices on our Windows Server 2008 machine; DeltaV Explorer hangs when we click on I/O.

Our IT dept connected our server to the Internet for security patches and then forgot to disconnect. Many of the updates that were installed have since been removed; however, these three (the three .dll update files (msxml4.dll)) cannot be uninstalled and are causing serious issues.

Can anyone help?

6 Replies

  • Removal of Windows Updates should be done through Windows Control Panel > Add Remove Programs > View Installed Updates and removing the specific Microsoft Updates that are not approved. Removing them this way should roll back the changed dll files that they modified.

    Tested Updates are documented in Knowledgebase Article AK-1300-0005: "Microsoft Released Security Updates for DeltaV Systems"

    After removing the updates I would suggest running a regall which can be done by: Command Prompt > regall /register > reboot after completion

    The regall will help DeltaV reregister its necessary DLLs, some of which could have been modified by the Microsoft Updates.

  • In reply to Tim Alexander:

    Thanks Tim, I'll give it a try.
  • Wow. Is all I can say. Your IT department need to understand that control system machines are not like home PCs. I would most certainly be getting some analysis done on this system to make sure that malware has not been introduced at the same time it was connected to the internet.

    Best practices:

    Never connect control systems directly to untrusted networks - This includes business networks that ultimately contain internet connectivity. Always connect using firewalls/Intrusion Detection etc, utilizing DMZ environments - For example, if there is a need (OSIsoft PI data) - However, in my opinion, patching is not a requirement for making any connections like this.

    Download the approved and tested patches using the Emerson KBs - Always check the hash of the downloaded files.

    Burn the patches to CD/DVD - which should be clean. This should be done using a machine that has all patches and antivirus up to date.

    "Sneakernet" them to your systems/machines. Then install. Always remember to restart the machines after patch installation is complete.

    If you want to be more cautious - Use the Emerson B&R (Acronis) and take regular (weekly) image backups - This will allow for quick rollback. But also this allows you to virtualize your machines to re-create your control machine system set up. Ideal for testing any patches. Remember that this really only tests against the operating system and not the controls side - But may give you a warmer feeling before going live with patches. Also very handy for testing more regular antivirus definition updates.

    If you had system restore enabled you may be able to roll back before the updates.

    I know it's probably a bit late and you have found out the hard way....

    PS - Here is a Microsoft link to the MS Parser files and the updates.

    support.microsoft.com/.../list-of-microsoft-xml-parser-msxml-versions
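The hash check recommended in the best-practices reply above, as an added example that is not part of the original thread or of any Emerson tooling: it compares a staging folder against a list of expected hashes before anything is burned to CD/DVD, and also flags files that are not on the list. SHA-256, the `<hash>  <filename>` manifest format and all file names are assumptions; the page does not say how the KB publishes its hashes.

```python
import hashlib, tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    # Assumed format: "<64 hex chars>  <filename>" per line, '#' starts a comment.
    expected = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or set(digest) - set("0123456789abcdef") or not name:
            raise ValueError(f"manifest line {n} is malformed")
        expected[name] = digest
    return expected

def verify_staging(staging_dir, manifest_text):
    # One status per file; anything other than "ok" blocks the transfer.
    expected = parse_manifest(manifest_text)
    present = {p.name: p for p in Path(staging_dir).iterdir() if p.is_file()}
    report = {}
    for name, digest in expected.items():
        if name not in present:
            report[name] = "missing"
        else:
            report[name] = "ok" if sha256_of(present[name]) == digest else "mismatch"
    for name in present.keys() - expected.keys():
        report[name] = "unexpected"  # not on the approved list: do not carry it over
    return report

def safe_to_burn(report):
    return bool(report) and all(status == "ok" for status in report.values())

def demo():
    # Constructed sample: names and contents are placeholders, not real patches.
    good = b"approved patch bytes"
    manifest = "\n".join(f"{hashlib.sha256(good).hexdigest()}  {n}"
                         for n in ("patch-A.msu", "patch-B.msu", "patch-C.msu"))
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "patch-A.msu").write_bytes(good)
        (Path(d) / "patch-B.msu").write_bytes(b"altered in transit")
        (Path(d) / "extra-tool.exe").write_bytes(b"not on the list")
        return verify_staging(d, manifest)
```

Calling `safe_to_burn(verify_staging(folder, manifest_text))` gives a single pass/fail for the whole folder; an empty folder fails as well.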
  • In reply to DCSNewbie:

    Thank you for the advice, I will pass the information on :)
  • GaryL.

    I concur with most of the comments shared by other colleagues here, but due to the critical condition your system might be in right now, I'd advise you to get support from Emerson to recover your environment based on some of our cybersecurity services. Recovering the workstation that was connected to the internet is certainly an important step, but I see several areas of improvement on your system (from a cybersecurity point of view) that we can help you with based on said services offering. Revisiting your network segmentation, security policies and some other key areas would certainly be places to start since you may already be running your DeltaV system on an unsupported deployment type which may lead to many other issues. I highly recommend you reach out to your local Emerson Impact Partner or Field Sales Office for information about our Performance Services to address your concerns.

    Regards,

    Alexandre Peixoto
  • Hi Gary,
    I am the Business Development Manager for Cybersecurity in Europe based out of the UK and am quite often up in the North East. If you require further help or just information feel free to contact me on robert.sharrock@emerson.com
    Best regards
    Rob