DOCUMENT:Q192788 20-MAY-2002 [sms] TITLE :SMS: Wuser32 Leaks Memory After UDP Port 1762 Attack PRODUCT :Microsoft Systems Management Server PROD/VER:winnt:1.2 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Systems Management Server version 1.2 ------------------------------------------------------------------------------- SYMPTOMS ======== When using a utility to send packets to UDP port 1762, the Systems Management Server Remote Control Agent (Wuser32.exe) will rapidly allocate memory. This will continue until either no more memory can be allocated or the Systems Management Server Remote Control Agent is stopped. RESOLUTION ========== A supported fix that corrects this problem is now available from Microsoft, but has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Systems Management Server service pack that contains this fix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web: http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS The English version of this fix should have the following file attributes or later: Date Time Size File name Platform ------------------------------------------------------------ 10/5/98 3:36pm 170,720 Wuser32.exe (Intel) 10/5/98 3:29pm 345,872 Wuser32.exe (Alpha) 10/5/98 3:35pm 54,112 Multprot.dll (Intel) 10/5/98 3:30pm 129,296 Multprot.dll (Alpha) STATUS ====== Microsoft has confirmed this to be a problem in Systems Management Server version 1.2. MORE INFORMATION ================ To install the hotfix, perform the following steps on the Systems Management Server site server: 1. Replace the Wuser32.exe file in the \Site.srv\Maincfg.box\Client.src\.bin directory with the hotfixed version. 2. Replace the Multprot.dll file in the \Site.srv\Maincfg.box\Client.src\.bin directory with the hotfixed version. 3. Maintenance manager will replicate the updated files to the Logon.srv\.bin directory on the Systems Management Server logon servers during its next work cycle. After that occurs, you can update the clients. To update the clients, either manually run Upgrade.bat on each client or follow the instructions in the following article in the Microsoft Knowledge Base: Q166771 SMS: How to Force Site-Wide Client Updates NOTE: For consistency, Multprot.dll should also be updated in the \Site.srv\.bin on the Systems Management Server site server, as well as on any computers running the Systems Management Server Administrator tools. Additional query words: prodsms smsremtshoot out of virtual memory ====================================================================== Keywords : Technology : kbSMSSearch kbSMS120 Version : winnt:1.2 Hardware : ALPHA x86 Issue type : kbbug Solution Type : kbfix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.