Description:

CA has confirmed that a specific version of Microsoft's RPCRT4.DLL may cause memory leaks in certain DLP processes. This issue has been specifically identified as affecting the 'wgnphub.exe' as used in the DLP Exchange Server, but other DLP executables may also be affected by this issue.

The version of the DLL with this problem (RPCRT4.DLL version 5.2.3790.2971) is installed via the Windows 2003 server SP1 hot fix MS07-058 (http://www.microsoft.com/technet/security/Bulletin/MS07-058.mspx).

Solution:

The memory leak is fixed in RPCRT4.DLL version 5.2.3790.3036, which is installed via the Windows 2003 server SP1 hot fix KB942880 (http://support.microsoft.com/kb/942880). Use the link provided in the 'Resolution' section of the KB942880 web page to request the hot fix from Microsoft. Microsoft has not yet confirmed that the RPCRT4.DLL leaks, or that hot fix KB942880 fixes it. However our empirical testing has shown this to be the case. The problem does not affect the Windows 2003 server SP2 variant of Hot fix MS07-058, which installs RPCRT4.DLL version 5.2.3790.4115.

CA recommends that this hot fix (KB942880) be applied to servers running the DLP software that have the RPCRT4.DLL version 5.2.3790.2971 installed.