Full Disclosure mailing list archives
Microsoft's new warning about the old SQL server/MSDE problem
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 20 Mar 2003 21:35:57 -0500
A friend of mine just received the attached email from Microsoft advising him to patch his copy of MSDE. Talk about closing the barn door after the cows have already escaped...... Richard ---------- Forwarded message ---------- Date: Thu, 20 Mar 2003 16:51:42 -0800 From: Supptsql () microsoft com To: Subject: Important Information About Microsoft Evaluation Software Dear , Our records indicate that you have previously ordered and received SQL Server(TM) 2000 Evaluation Edition or other evaluation software from Microsoft that contains the Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) component. Both SQL and MSDE are vulnerable to the Slammer worm that was released on the Internet in January. For a list of products that include MSDE, please visit: http://www.microsoft.com/technet/treeview/?url=/technet/security/MSDEapp s.asp SQL Server 2000 Evaluation Edition and other Microsoft evaluation products included in the list above are intended for short-term testing, should not be used in production environments, and should be kept in a test environment separate from network access. If you are currently running any of this software on a system that has network access, you need to immediately take one of the following steps to protect your system from this worm: - Uninstall the software. - If uninstalling is not an option, please take the system offline, then:
For SQL: Download and run the SQL Critical Update, which is part of
the SQL Server 2000 Security Tool Set, from http://www.microsoft.com/security/slammer.asp
For MSDE: download and install Service Pack 3 for MSDE 2000 from this
location: http://www.microsoft.com/security/slammer.asp If you are unsure whether you have SQL Server 2000 or MSDE 2000 on your networks, please visit http://www.microsoft.com/sql/downloads/securitytools.asp for SQL Scan and SQL Check utilities. For the most current security-related information about Microsoft products, please visit the following Microsoft Web site, http://www.microsoft.com/security. If you have any questions regarding this alert please contact your Microsoft representative or call 1-866-727-2338 (1-866-PCSAFETY) within the US, outside of the US please contact your local Microsoft Subsidiary.* Thank you, Stan Sorenson Director U.S. SQL Product Management Microsoft Corporation *This mail does not imply or grant any right to use the SQL Server Evaluation Edition beyond the 120-day period described in the SQL Server Evaluation Edition EULA. This is an unmonitored alias, please do not reply to this mail. If you have any questions regarding the Slammer virus please visit: http://www.microsoft.com/security/slammer.asp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Microsoft's new warning about the old SQL server/MSDE problem Richard M. Smith (Mar 20)
- Re: Microsoft's new warning about the old SQL server/MSDE problem Blue Boar (Mar 20)
- RE: Microsoft's new warning about the old SQL server/MSDE problem Jason Coombs (Mar 20)
- RE: Microsoft's new warning about the old SQL server/MSDE problem Steve Wray (Mar 21)
- RE: Microsoft's new warning about the old SQL server/MSDE problem Jason Coombs (Mar 20)
- Re: Microsoft's new warning about the old SQL server/MSDE problem Blue Boar (Mar 20)