Microsoft KB Archive/926247

= MS06-074: Vulnerability in Simple Network Management Protocol (SNMP) could allow remote code execution =

Article ID: 926247

Article Last Modified on 12/3/2007

-

APPLIES TO

 Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86) Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86) Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86) Microsoft Windows Server 2003 R2 Standard x64 Edition Microsoft Windows Server 2003 R2 Enterprise x64 Edition Microsoft Windows Server 2003 R2 Datacenter x64 Edition Microsoft Windows Server 2003, Standard x64 Edition Microsoft Windows Server 2003, Enterprise x64 Edition</li> Microsoft Windows Server 2003, Datacenter x64 Edition</li> Microsoft Windows Server 2003 Service Pack 1, when used with: <ul> Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

<ul> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li></ul>

<ul> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

<ul> Microsoft Windows Server 2003, Web Edition</li></ul>

<ul> Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

<ul> Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul> </li> Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li> Microsoft Windows Server 2003, Web Edition</li> Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li> Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li> Microsoft Windows Small Business Server 2003 Standard Edition</li> Microsoft Windows XP Tablet PC Edition 2005</li> <li>Microsoft Windows XP Media Center Edition 2005</li> <li>Microsoft Windows XP Professional x64 Edition</li> <li>Microsoft Windows XP Media Center Edition 2004</li> <li>Microsoft Windows XP Media Center Edition 2002</li> <li>Microsoft Windows XP Service Pack 2, when used with: <ul> <li>Microsoft Windows XP Professional</li></ul>

<ul> <li>Microsoft Windows XP Home Edition</li></ul> </li> <li>Microsoft Windows XP Tablet PC Edition</li> <li>Microsoft Windows 2000 Service Pack 4, when used with: <ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul>

<ul> <li>Microsoft Windows 2000 Server</li></ul>

<ul> <li>Microsoft Windows 2000 Professional Edition</li></ul> </li> <li>Microsoft Small Business Server 2000 Standard Edition</li></ul>

-

<div class="summary_section">

SUMMARY
Microsoft has released security bulletin MS06-074. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/athome/security/update/bulletins/200612.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-074.mspx

</li></ul>

Known issue
SNMP is an optional component in Microsoft Windows 2000, in Windows XP, and in Windows Server 2003. Windows Update offers this security update only if the SNMP component is installed on the computer.

If you download the update from the Download Center and manually tries to install it on a computer that does not have the SNMP component installed, you will receive an error message. This error message will indicate that there is a prerequisite missing and that the security update will not be installed. This is expected behavior.

Users can use the /quiet switch to suppress all messages.

Administrators should use one of the supported methods to verify that the installation was successful when they use the /quiet switch. Administrators should expect error messages in the Kb926247.log file when the SNMP component is not installed.

Additional query words: security_patch security_update bug flaw malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE Win2000

Keywords: kbwinserv2003sp1fix kbexpertiseinter kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbwin2000presp5fix kbpubtypekc KB926247

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.