Resource Leak in IE6SP1 with all latest hot fixes

[Michael Lueck]

We are noticing a huge resource leak in the latest IE6SP1 running on Win2K SP4 - all latest hot fixes for the OS and browser.

In task manager, the User object count for the IExplore task goes above 20,000 after suring for a while, interacting with some message board, chat room etc... web sites.

This was not the case while on Win2K SP3 and current IE6SP1 hot fixes back then.

 

[hardhead]

sounds like ya got something trying to call home. maybe
get a scan or two.

-----Original Message-----
We are noticing a huge resource leak in the latest

IE6SP1 running on Win2K SP4 - all latest hot fixes for
the OS and browser.

In task manager, the User object count for the IExplore

task goes above 20,000 after suring for a while,
interacting with some message board, chat room etc... web
sites.

 

[Michael Lueck]

sounds like ya got something trying to call home. maybe
get a scan or two.

Nope, have checked.

And these web sites, while using third party code to run the BB, chat rooms, etc... are our web sites, so in this case the admins are getting nuked browsing their own web site.

 

[H Leboeuf]

Have a look at:

A Handle Leak Occurs in Mstask.exe
http://support.microsoft.com/?kbid=329346 (W2000 11/7/2003)

When you use a program on a Microsoft Windows 2000-based computer, the
memory that Dnsapi.dll uses may continually grow, and memory may not be
returned to the computer over time.
http://support.microsoft.com/?kbid=827535 (W2000 1/7/2004)

A Memory Leak Occurs When You Incrementally Update Dimensions That Contain
Member Properties
http://support.microsoft.com/?kbid=831045 (SQL Server 2000 11/24/2003)
--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===

Nope, have checked.

And these web sites, while using third party code to run the BB, chat

rooms, etc... are our web sites, so in this case the admins are getting
nuked browsing their own web site.

 

[Michael Lueck]

Thanks, the DNS one sounds interesting. MSTask we don't use and that was a preSP4 bug, so that should be covered.

I sort of doubt the DNS leak causes USER objects to be leaked though... last I knew USER objects were somehow related to the Graphical aspects of Windows.

Alas, no contract with MS to beg that fix out of them, since it is not posted public for download.

Thanks anyway!

 

[Robert Aldwinckle]

Thanks, the DNS one sounds interesting.

<title>KB827535 - Dnsapi.dll memory leak</title>

<extract>
02-Sep-2003 23:45 5.0.2195.6815 136,464 Dnsapi.dll
</extract>

What version of that module do you have now?

It looks to me that there is a newer version of the module which
you could get from more recent hotfixes, perhaps even from a
Security patch.

E.g. this one

<title>KB828297 - Memory Leak in Lsass.exe</title>

<extract>
18-Nov-2003 21:28 5.0.2195.6824 136,464 Dnsapi.dll
</extract>

Which appears to be integrated into recent security patch 835732

< http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx >
Expand [+] Security Update Information
Expand [+] Windows 2000 (all versions)

I'm not sure but I think that there has been a further update to this patch
for your OS, since several users were having difficulties with it.
If so, perhaps you should uninstall an old 835732 and then reinstall it.


Watch out for the "sasser worm" while you're unprotected! ;o

http://www.microsoft.com/security/incident/sasser.asp


HTH

Robert Aldwinckle

 

[Michael Lueck]

<title>KB827535 - Dnsapi.dll memory leak</title>

<extract>
02-Sep-2003 23:45 5.0.2195.6815 136,464 Dnsapi.dll
</extract>

What version of that module do you have now?

I have 5.0.2195.6824

KB835732 is the only patch which seems to have touched it.

I'm not sure but I think that there has been a further update to this patch
for your OS, since several users were having difficulties with it.
If so, perhaps you should uninstall an old 835732 and then reinstall it.

Looks like since the correct module is in the production (\system32) directory that should not be necessary.

Watch out for the "sasser worm" while you're unprotected! ;o

Behind a dedicated firewall so that is covered.