News

NT Patch Available for SNMP Vulnerability

Microsoft Corp. continues to work on bringing out patches for all versions of Windows affected by the industry-wide security vulnerability in SNMP.

Microsoft alerted subscribers to its Security Bulletin service Wednesday night that an SNMP patch was available for Windows NT 4.0 users.

Microsoft issued a patch for Windows 2000 and Windows XP users a few days after the security organization, CERT/CC, issued a broad alert in mid-February detailing threats to numerous operating systems, software and hardware spanning the industry.

Microsoft immediately posted a security bulletin last month that included a workaround for users who have turned on the SNMP service. Users who install patches now available for Windows NT, Windows 2000 and Windows XP won't need to use the workaround.

Microsoft's SNMP service is not installed or running by default in any operating system.

Patches for Windows 95, Windows 98 and Windows 98 Second Edition are under development. Windows ME did not include an implementation of the SNMP service.

SNMP or Simple Network Management Protocol is for managing network devices, so the vulnerability affects computers, firewalls, routers and other products. A buffer overrun present in all implementations, can allow an attacker to cause denial of service or run code in LocalSystem context.

Microsoft classifies the SNMP vulnerability as a low risk on affected Internet servers, a moderate risk on affected intranet servers and a moderate risk on affected client systems.

The security bulletin and patches can be accessed here:
http://www.microsoft.com/technet/security/bulletin/ms02-006.asp

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

  • How To Block Self-Service Purchasing in Microsoft's Power Platform

    Microsoft threw Office 365 admins a bone when it gave them the ability to block users from purchasing Power Platform tools without IT approval. Here's how to prevent total anarchy.

  • Azure DevOps Services Losing Support for Alternate Credentials

    Microsoft gave notice last week that it's going to drop Alternate Credentials support for authenticating users of its Azure DevOps Services.

  • Microsoft Endpoint Configuration Manager Update 1910 Released

    Microsoft announced last week that it is starting to deliver Update 1910 for Microsoft Endpoint Configuration Manager users.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.