Transmission Control Protocol (TCP) loopback latency and User Datagram Protocol (UDP) latency in Windows Server 2008 or in Windows Vista are longer than TCP loopback latency and UDP latency in Windows Server 2003.

This issue affects applications or services that use TCP loopback or UDP for communication.

Description: This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link. The security update addresses the vulnerabilities by changing the way Windows TCP/IP performs bounds checking and other packet handling operations. Keep reading →

A computer that is running Windows Server 2008 or Windows Vista may automatically restart together with various stop codes after you enable the TCP Chimney Offload feature.

This article describes a new Memory Pressure Protection feature for TCP stack. This new feature is provided by security update 967723. The Memory Pressure Protection feature consists of three security settings. These settings include Memory Pressure Protection (MPP), Profiles, and Port Exemption.

Description: This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. The security update addresses the vulnerabilities by dropping existing TCP connections adaptively and limiting the number of new TCP connections until system resources are restored, and changing the manner in which TCP/IP packets are processed. Keep reading →

When you use the netsh command to modify TCP/IP global parameters on a computer that is running Windows Server 2008 or Windows Vista, some TCP/IP parameters in the registry are changed to incorrect values.

Note: These parameters are saved in the location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

This issue may affect the following items:

• DisableTaskOffload
• EnablePMTUBHDetect
• EnablePMTUDiscovery
• KeepAliveInterval
• KeepAliveTime
• Tcp1323Opts
• TcpFinWait2Delay
• TcpMaxDataRetransmissions
• TcpTimedWaitDelay
• TcpUseRFC1122UrgentPointer

For example, you run the following command to change a TCP/IP global parameter:

netsh in tcp set global autotuninglevel=normal

After you run the command, the values of some unrelated settings below are changed to 0xFFFFFFFF:

• KeepAliveInterval
• KeepAliveTime
• TcpMaxDataRetransmissions
• TcpTimedWaitDelay

By default, the half-open TCP connections limit is disabled in Windows Server 2008 with Service Pack 2 (SP2) and in Windows Vista with Service Pack 2 (SP2). This article describes how to impose the half-open TCP connections limit in Windows Server 2008 with SP2 and in Windows Vista with SP2. The limit is ten connections.

Note: In Windows Server 2008 and in Windows Vista with Service Pack 1 (SP1), the system allows for a maximum of ten half-open TCP connections at any time.

On a computer that is running Windows Vista, Windows Server 2008, or Windows Server 2003, you have the TCP Chimney feature enabled, and the TCP transfer buffer size is set to 32 MB. When you perform a network operation, the system crashes. Additionally, you receive the following Stop error message:

Stop 0×00000040 TARGET_MDL_TOO_SMALL

For example, you start the FTP command and then use the following parameter to specify the TCP transfer buffer size:
ftp -w: 33554432 FTP Server IP Address
In this case, after you log on to the FTP server and perform an operation, such as “put,” that generates large transfers, the system crashes, and you receive the Stop error message.

This article describes how to disable or enable the transmission control protocol (TCP) window autotuning diagnostic tool in Vista. The autotuning diagnostic tool diagnoses and fixes problems related to autotuning. However, in some cases (for example, network performance testing) you may want to disable the diagnostic tool. This article describes the autotuning feature, the diagnostic tool, and how they help prevent problems.

The TCP receive window autotuning feature in Vista lets the operating system continually monitor conditions such as bandwidth, network delay, and application delay. The operating system can configure connections by scaling the TCP receive window to maximize the network performance based on these parameters. To determine the optimal size for the receive window, the receive window autotuning feature measures the product of the network delay and bandwidth, and also looks at the application retrieve-rates. Then, the receive window autotuning feature changes the receive window size of the ongoing transmission to take advantage of any unused bandwidth.

The TCP protocol uses a three-way handshake to establish a TCP connection. The last interaction in the three-way handshake is a TCP Acknowledgement (ACK) package. However, in Windows Vista, the Windows Filtering Platform (WFP) inspection occurs only after the three-way handshake is completed. Therefore, any data that is piggybacked on the ACK package may bypass the WFP inspection process.

Note: A payload can legitimately piggyback on the ACK package.

This issue affects socket applications that use NetBIOS communication on a Windows Vista-based computer.