Security risk of enabling MSDTC
https://stackoverflow.com/questions/1364130
-
20-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
MSDTC is disabled by default (windows 2003 - onwards) and I want to have it enabled for an application I'm developing that requires distributed transactions from .Net C#.
I don't believe there are any security issues with enabling it, but does SO know of any security issues with enabling the DTC?
Cheers
Ollie
Solution
As long as the machine is fully patched you should be reasonably safe. AFAIK there may have been some patches in the past for vulnerabilities related to this (but then there is for all components in the OS).
If it is listening on an external port then you may want to lock down the hosts which can connect to it. This would give you a level of protection if some sort of worm on compromise is discovered the in future. It is generally not the sort of thing you want to expose on internet-facing machines.
