Are there any general security risks associated with having MSDTC enabled?
I was told, by one of my team members, that there are security risks involved with enabling it, but I would like to know what they are, if any.
I came across this question while reading up on MSDTC. I know it is very old, but I think it deserves an answer for future readers.
Like most software, MSDTC needs to be configured properly to minimize the risk of successful exploits. While I would not generally call it insecure, vulnerabilities have been detected so there are some aspects you want to consider when actively using MSDTC.
If your system requires a really high security level, completely disabling DTC is not a bad choice. But to be able to take advantage of the DTC features, you probably want to enable some of its parts. For more information on what you can do, Microsoft offers a set of MSDN pages about DTC Security Considerations and some more up-to-date articles at MS Technet.
MSDTC has been around since Windows 2000, so plenty of people (especially those at Microsoft) were able to explore it and establish best practices. As long as your system is fully patched, it's reasonable to trust DTC.
Further reading: Potential risks of using unsecure RPC by Ajit Yadav (at MSDN blogs, you should check out his other posts).