CVE-2005-1979
Description
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"Improper handling of an unexpected protocol command during TIP reconnection requests causes the MSDTC service to throw an unhandled exception and exit."
Attack vector
A remote attacker sends an "unexpected protocol command during the reconnection request" to the MSDTC service, which the TIP functionality does not properly handle [ref_id=1]. This causes the MSDTC service to throw an exception and exit, resulting in a denial of service. The attacker does not need authentication; the vulnerability can be triggered over the network by any remote server sending a malformed TIP reconnection request.
Affected code
The vulnerability resides in the Transaction Internet Protocol (TIP) functionality of the Microsoft Distributed Transaction Coordinator (MSDTC) service. The advisory does not specify exact function or file names, but identifies the TIP protocol handling as the affected code path [ref_id=1].
What the fix does
The security update addresses the vulnerability by improving how the MSDTC service validates TIP protocol commands during reconnection requests [ref_id=1]. Additionally, the update introduces several registry-based mitigations: TIP can be disabled entirely on Windows 2000 via the NetworkDtcAccessTip key, and four new registry values (DisableTipTmIdVerfication, DisableTipTmIdPortVerification, DisableTipBeginCheck, DisableTipPassThruCheck) allow administrators to enforce stricter validation of TIP packets, such as verifying the TM ID matches the sender's IP address and requiring port 3372 [ref_id=1].
Preconditions
- networkThe MSDTC service must be running and accessible over the network.
- configThe TIP protocol must be enabled (default on some configurations).
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
15- www.idefense.com/application/poi/displaynvdVendor Advisory
- secunia.com/advisories/17161nvd
- secunia.com/advisories/17172nvd
- secunia.com/advisories/17223nvd
- secunia.com/advisories/17509nvd
- securitytracker.com/idnvd
- support.avaya.com/elmodocs2/security/ASA-2005-214.pdfnvd
- www.securityfocus.com/bid/15058nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1134nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1283nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1338nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1513nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1550nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A686nvd
News mentions
0No linked articles in our index yet.