The Simple Network Manamgenet Protocol (SNMP) service is vulnerable to a buffer overflow. This service is typically used to manage network devices. Home users are not likely to have this service installed. However, many larger networks will use SNMP to controlle and monitor networked workstations and servers.
Accoridng to a note from Dave Aitel, Immunity released an exploit for this vulnerabilty to its customers.
In order to disable this service, or to check if it is running, use the "services" tab in your control pannel and make sure the 'SNMP Service' is not running. You will not see an entry for SNMP service if it is not installed.
This patch is a "patch now" for all networks that use SNMP. It runs as "system" and a succesfull exploit would provide an attacker with full access. The Microsoft bulletin only talks about port 161 UDP for this vulnerability. So one can assume that SNMP trap messages are not affected.
Common sense SNMP security (regardless of the vulnerability):
I will be teaching next: Intrusion Detection In-Depth - SANS Baltimore Spring 2020
Dec 12th 2006
1 decade ago