SMS: Wuser32 Leaks Memory After UDP Port 1762 Attack (192788)


The information in this article applies to:

  • Microsoft Systems Management Server 1.2
This article was previously published under Q192788

SYMPTOMS

When using a utility to send packets to UDP port 1762, the Systems Management Server Remote Control Agent (Wuser32.exe) will rapidly allocate memory. This will continue until either no more memory can be allocated or the Systems Management Server Remote Control Agent is stopped.

RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Systems Management Server service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

The English version of this fix should have the following file attributes or later: 
   Date      Time                Size    File name     Platform
   ------------------------------------------------------------

   10/5/98   3:36pm              170,720 Wuser32.exe   (Intel)
   10/5/98   3:29pm              345,872 Wuser32.exe   (Alpha)
   10/5/98   3:35pm               54,112 Multprot.dll  (Intel)
   10/5/98   3:30pm              129,296 Multprot.dll  (Alpha)

STATUS

Microsoft has confirmed this to be a problem in Systems Management Server version 1.2.

MORE INFORMATION

To install the hotfix, perform the following steps on the Systems Management Server site server:

  1. Replace the Wuser32.exe file in the

    <SMS_root_directory>\Site.srv\Maincfg.box\Client.src\<platform>.bin

    directory with the hotfixed version.
  2. Replace the Multprot.dll file in the

    <SMS_root_directory>\Site.srv\Maincfg.box\Client.src\<platform>.bin

    directory with the hotfixed version.
  3. Maintenance manager will replicate the updated files to the

    Logon.srv\<platform>.bin directory on the Systems Management Server

    logon servers during its next work cycle. After that occurs, you can update the clients. To update the clients, either manually run Upgrade.bat on each client or follow the instructions in the following article in the Microsoft Knowledge Base:

    166771 SMS: How to Force Site-Wide Client Updates

NOTE: For consistency, Multprot.dll should also be updated in the <SMS_root_directory>\Site.srv\<platform>.bin on the Systems Management Server site server, as well as on any computers running the Systems Management Server Administrator tools.
Modification Type:MinorLast Reviewed:9/23/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix kbQFE KB192788
©2004 Microsoft Corporation. All rights reserved.