Windows NT 3.51 SEC-FIX Causes Remote PerfMon Sessions to Quit

Last reviewed: December 5, 1997
Article ID: Q169228
The information in this article applies to:
  • Microsoft Windows NT Workstation version 3.51
  • Microsoft Windows NT Server version 3.51

SYMPTOMS

You apply the security fix (SEC-FIX) to a computer running Windows NT 3.51. Later, you run Performance Monitor from another computer running Windows NT to monitor the computer running Windows NT 3.51 with SEC-FIX installed.

When you then select either the Thread or Process object within Performance Monitor, Performance Monitor quits. You will usually observe that Performance Monitor simply "goes away" when you select the Thread or Process object. You do NOT normally see any "Application Error" or "Dr Watson" dialog boxes when this particular error occurs.

This problem occurs irrespective of whether the monitoring computer is running Windows NT 3.51 or 4.0, and irrespective of whether the monitoring computer has SEC-FIX installed.

After SEC-FIX has been installed on a computer running Windows NT 3.51, it can no longer be monitored fully over the network from another computer.

CAUSE

There is a problem with the Windows NT 3.51 version of this security fix, which causes incorrect Performance Monitor data to be transferred over the network when the computer is being monitored remotely. This causes the monitoring instance of Performance Monitor to try to access memory to which it has insufficient access.

The Windows NT 4.0 version of SEC-FIX does not have this problem.

MORE INFORMATION

This SEC-FIX hotfix is sometimes referred to as the "Red Button" fix.

For additional information on the issues addressed by this security fix, please see the following article in the Microsoft Knowledge Base:

   ARTICLE-ID: Q143474
   TITLE     : Restricting Information Available to Anonymous Logon Users

RESOLUTION

Obtain the following fix or wait for the next Windows NT service pack.

This fix should have the following timestamp:

   10/22/97  06:02p               181,504 Advapi32.dll (Intel)
   10/29/97  03:52p               169,504 Winlogon.exe (Intel)

   10/29/97  03:50p               273,168 advapi32.dll (Alpha)
   10/29/97  03:51p               236,304 winlogon.exe (Alpha)

NOTE: Service Pack 5 and SEC-FIX must be applied to Windows NT 3.51 prior to applying this fix.

STATUS

Microsoft has confirmed this to be a problem in the Windows NT 3.51 version of the SEC-FIX security fix. A supported fix is now available, but has not been fully regression tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information.


Additional query words: RedButton
Keywords : kbbug3.51 kbfix3.51 NTSrvWkst
Version : WinNT:3.51
Platform : winnt
Issue type : kbbug
Solution Type : kbfix


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: December 5, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.