3rd Microsoft Patch Available for SNMP Hole

Microsoft Corp. notified customers late Monday that a third patch is available to protect Windows platforms from the industry-wide SNMP security vulnerability. This time the patch covers Windows NT Terminal Server 4.0.

The security organization CERT/CC issued a broad alert in mid-February detailing threats to numerous operating systems, software and hardware spanning the industry.

Microsoft's SNMP service is not installed or running by default in any operating system, but it can be turned on in all current operating systems except Windows ME.

Shortly after the CERT/CC bulletin went out, Microsoft issued its own security bulletin offering a workaround for customers with a need to have SNMP enabled. At the time Microsoft promised to issue patches for its various operating systems as soon as it could develop them. The Windows 2000 and Windows XP patches were available the same week as the first alert. A general Windows NT 4.0 patch became available last week.

Microsoft is still working on patches for the Windows 95, Windows 98 and Windows 98 SE operating systems.

SNMP or Simple Network Management Protocol is for managing network devices, so the vulnerability affects computers, firewalls, routers and other products. A buffer overrun present in all implementations, can allow an attacker to cause denial of service or run code in LocalSystem context. Microsoft classifies the SNMP vulnerability as a low risk on affected Internet servers, a moderate risk on affected intranet servers and a moderate risk on affected client systems.

The security bulletin and patches can be accessed here:

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

    Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

  • How To Fix the Hyper-V Read Only Disk Problem

    DOS might seem like a relic now, but sometimes it's the only way to fix a problem that Windows seems ill-equipped to deal with -- like this one.

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

comments powered by Disqus