Microsoft Security Bulletin MS00-012 announces the availability of a patch that eliminates a vulnerability in Microsoft Systems Management Server (SMS). If the Remote Control feature of SMS has been installed and enabled, thevulnerability could allow a workstation user to take virtually any desired action on the machine. This is a privilege elevation vulnerability. A malicious user who exploited this vulnerability would be able to take virtually any desired actionon a machine that he or she could interactively log onto. For instance, he or she could add, delete or modify files, create or delete local users, or install additional software on the machine. The only SMS feature affected by this vulnerability is the Remote Control feature. Sites that have not enabled the Remote Control Feature of SMS are not affected by this vulnerability.