3rd Microsoft Patch Available for SNMP Hole

Microsoft Corp. notified customers late Monday that a third patch is available to protect Windows platforms from the industry-wide SNMP security vulnerability. This time the patch covers Windows NT Terminal Server 4.0.

The security organization CERT/CC issued a broad alert in mid-February detailing threats to numerous operating systems, software and hardware spanning the industry.

Microsoft's SNMP service is not installed or running by default in any operating system, but it can be turned on in all current operating systems except Windows ME.

Shortly after the CERT/CC bulletin went out, Microsoft issued its own security bulletin offering a workaround for customers with a need to have SNMP enabled. At the time Microsoft promised to issue patches for its various operating systems as soon as it could develop them. The Windows 2000 and Windows XP patches were available the same week as the first alert. A general Windows NT 4.0 patch became available last week.

Microsoft is still working on patches for the Windows 95, Windows 98 and Windows 98 SE operating systems.

SNMP or Simple Network Management Protocol is for managing network devices, so the vulnerability affects computers, firewalls, routers and other products. A buffer overrun present in all implementations, can allow an attacker to cause denial of service or run code in LocalSystem context. Microsoft classifies the SNMP vulnerability as a low risk on affected Internet servers, a moderate risk on affected intranet servers and a moderate risk on affected client systems.

The security bulletin and patches can be accessed here:

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.