Differences in Changing Transaction Timeouts in Windows 2000 and Later Platforms

 

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

With the version of Microsoft Distributed Transaction Coordinator (MSDTC) in Windows 2000 Server, a malicious process can change the timeout of any transaction by sending the message TXUSER_SETTXTIMEOUT_MTAG_SETTXTIMEOUT to the MSDTC, if it knows the transaction's GUID.

The MSDTC in versions of Windows subsequent to Windows 2000 Server prevents this by allowing only the process that begins a transaction to change its timeout.

The only situation in which the process that begins the transaction cannot change the transaction's timeout is when both of the following are true:

1. The application process is in Windows 2000 Server.

2. The Windows 2000 Server computer is configured to use MSDTC on a remote machine where a later version of Windows is installed.

This is because the version of MSDTC in Windows 2000 Server allows clients to change a transaction's timeout using the connection type CONNTYPE_SETTXTIMEOUT, while the versions of MSDTC in later versions of Windows use the CONNTYPE_TXUSER_BEGIN2 connection type. To resolve this issue, you must upgrade the client computer or the MSDTC computer so that both are running a version of Windows later than Windows 2000 Server.