Microsoft KB Archive/228724

Terminal Server May Reach Full Memory Usage from a Remote Attack

PSS ID Number: Q228724 Article last modified on 06-29-1999

winnt:4.0

winnt

================================================================ ==

The information in this article applies to:

 == Microsoft Windows NT Server version 4.0, Terminal Server Edition == 

= SYMPTOMS =

Your computer running Windows NT Server 4.0, Terminal Server Edition may reach full memory usage resulting in unsuccessful connections attempts.

= CAUSE =

This problem occurs because the RDP protocol in Windows NT Server 4.0, Terminal Server Edition listens to TCP port 3389 by default for incoming connections. After a TCP connection is made to this listener port, Terminal Server uses resources in order to authenticate and create the new client connection. It may be possible for a remote attacker to cause a computer running Terminal Server to reach full memory usage by creating a large number of TCP connections to port 3389. Legitimate incoming connections may not connect because of a lack of resources.

= RESOLUTION =

To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For additional information, please see the following article in the Microsoft Knowledge Base:

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871 Determining If You Are Eligible for No-Charge Technical Support

= STATUS =

Microsoft has confirmed this to be a problem in Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT Server 4.0, Terminal Server Edition Service Pack 4.

Additional query words:

=
========================================================= Keywords :

Version : winnt:4.0 Platform : winnt Issue type : kbbug Solution Type : kbfix ============================================================================= Copyright Microsoft Corporation 1999.