Microsoft Windows XP and Microsoft Windows Server 2003 include security changes related to the use of Transaction Internet Protocol (TIP) and XA transactions.
TIP Transactions
Before the release of Windows XP and Windows Server 2003, the TIP service listened on a fixed port by default, which exposed the DTC to attack on that port. In Windows XP and Windows Server 2003, the TIP service is turned off by default, which helps reduce the risk of attack on the TIP port.
Note: If you have enabled TIP transactions and want to disable them, first check to ensure that no transactions are currently in progress. Disabling TIP transactions prevents the DTC from communicating the status of in-doubt transactions. To avoid this outcome, you must either manually forget the transaction, using the DTC user interface, or briefly enable distributed transactions to perform automatic recovery.
XA Transactions
In Windows XP and Windows Server 2003, you can disable XA transactions to help prevent the security risk that arises when a user-specified DLL, used by the DTC to communicate with the XA partner's transaction manager, is loaded directly into the DTC process. Loading that DLL into the DTC process exposes a resource manager's databases to serious data corruption and can lead to denial-of-service attacks. Disabling XA transactions helps protect the DTC from this DLL attack.
Note: If you have XA transactions enabled and want to disable them, first check to ensure that no transactions are currently in progress. The disabling of XA transactions prevents the DTC from communicating the status of in-doubt transactions. To avoid this outcome, you must either manually forget the transaction, using the DTC user interface, or briefly enable distributed transactions to perform automatic recovery.
XA transactions are disabled by default on domain controllers.