Microsoft Security Bulletin MS02-006
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
Originally posted: February 12, 2002
Updated: May 09, 2003
Who should read this bulletin:
System administrators who use Simple Network Management Protocol to manage Microsoft® Windows® 95, 98, 98SE, Windows NT® 4.0, Windows 2000 or Windows XP systems
Impact of vulnerability:
Denial of Service, potentially run code of attacker's choice
Maximum Severity Rating:
Customers using SNMP on Windows 2000 and Windows XP should apply the patch. All other customers should disable SNMP service if running; apply patch when available
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Server, Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Knowledge Base article Q314147 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (February 12, 2002): Bulletin Created.
- V2.0 (February 15, 2002): Bulletin updated to include patch availability of patches for Windows 2000 and Windows XP.
- V3.0 (March 5, 2002): Bulletin updated to include patch availablilty for Windows NT 4.0.
- V4.0 (March 11, 2002): Bulletin updated to include patch availability for Windows NT 4.0 Terminal Server Edition.
- V5.0 (March 13, 2002): Bulletin updated to advise customers that the Windows NT 4.0 Terminal Server Edition patches in English and German released on March 11, 2002 contained an error that has been corrected and to advise customers to download and apply the updated patches.
- V6.0 (April 26, 2002): Bulletin updated to include patch availability for Windows 98 and Windows 98SE.
- V6.1 (May 09, 2003): Updated download links to Windows Update.