[tforum] Re: [ALL-MANAGERS:1231] RE: Some additional notes for Univ administrators re: SQL worm

Joe Breen Joe.Breen@utah.edu
Sun, 26 Jan 2003 12:53:47 -0700

Thanks Steve for posting the main affected Microsoft product list.

Apparently, a number of non-Microsoft or non-business products may also 
install the Microsoft SQL Desktop Engine (MSDE).  Applications ranging 
from games, i.e. MS Age of Mythology, to Network management tools, i.e. 
Compaq Insight Manager, HP Openview Internet Services, may install the 
MSDE depending on how an administrator installs them.  One of the SQL 
security sites in conjunction the the NTBugTraq group has started a list 
of apps that *may* install the MSDE.  The list is in the left column on 
  www.sqlsecurity.com   For more information on NTBugTraq, see

Russ Cooper, the NTBugTraq moderator, has also provided the following 
new Microsoft pointers regarding the worm and patches.

"Microsoft has just released a web page about SQLSlammer, and also a new
version of MS02-061. Thanks to Hjorleifur Kristinsson for the heads up.


The new version of MS02-061 includes an installer, plus the patch I
referred to early that deals with the handle leak (Q3177848) all in the
one package.

You have to get the download via;


as there is no link to it from the MS Slammer page.

Russ - NTBugtraq Editor"

	Univ. of Utah Center for High Performance Computing

Steve Scott wrote:
> Previous MS Service Packs are vulnerable without the stand alone 
> patch.  From all reports, the worm only affects SQL Server 2000.  The 
> worm does not affect previous versions of MS SQL Server.  The worm 
> also affects MS SQL Desktop Engine 2000 (MSDE).
> Please be aware that SQL Desktop Engine 2000 (MSDE) is installed as part
> of:
> * SQL Server 2000 (Developer, Standard, and Enterprise Editions)
> * Visual Studio .NET (Architect, Developer, and Professional Editions)
> * ASP.NET Web Matrix Tool
> * Office XP (various versions)
> * MSDN (various subscription levels)
> * Access 2002 
> * Visual FoxPro 7.0/8.0 
> Joe, thanks for the great synopsis.  A huge thanks to everyone that
> worked to initially contain this worm.  We are still working at
> identifying compromised machines, and working at strategies to prevent
> re-infections.
> Steve
> Steve Scott
> University of Utah
> Institutional Security Office
> (801)556-6925
> steven.scott@utah.edu