Computer leaks nonpaged pool memory when IPSEC traffic is configured to use AuthIP without encryption in Windows

Dotyczy: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 EssentialsWindows Server 2012 R2 Foundation


Assume that a Windows-based computer is configured by using a specific IP Security (IPsec) rule (AuthNoEncap - AuthIP with NULL Encryption). When the computer receives User Datagram Protocol (UDP) traffic, a nonpaged pool leak occurs. If there is a large volume of traffic, the computer may become unresponsive.

For example, you may encounter this issue in the following scenario:
  • You configure the computers in a domain to use Authenticated IP (AuthIP) only for IPsec and without encryption.
  • In the domain, a computer sends a large volume of UDP traffic to a remote computer.
In this scenario, nonpaged pool memory usage increases on the remote computer. High UDP network traffic can completely exhaust the nonpaged pool memory. This causes the remote computer to become unresponsive until it is restarted.

Note Windows-based computers that host the DNS Server role are an example of a workload susceptible to this memory leak, because they service UDP-formatted DNS queries from a large collection of unique clients. However, the issue can apply to any remote computer that receives sufficient UDP traffic.


To resolve this problem, install the hotfix that is described in this article.

Note To resolve this problem in Windows 8.1 and Windows Server 2012 R2, install update rollup 2928680 .

Hotfix information

A supported hotfix is available from Microsoft Support. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


To apply this hotfix, you must be running one of the following operating systems:

  • Windows 7 Service Pack 1 (SP1)
  • Windows Server 2008 R2 Service Pack 1 (SP1)
  • Windows 8
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2

Learn how to obtain Service Pack 1 for Windows 7 and Windows Server 2008 R2.

Restart requirement

A restart of the computer is required after you apply this hotfix. 

Hotfix replacement information

This hotfix does not replace any previously released hotfix.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.