Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Microsoft's new warning about the old SQL server/MSDE problem
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 20 Mar 2003 21:35:57 -0500

A friend of mine just received the attached email from Microsoft
advising him to patch his copy of MSDE.  Talk about closing the barn
door after the cows have already escaped......

Richard

---------- Forwarded message ----------
Date: Thu, 20 Mar 2003 16:51:42 -0800
From: Supptsql () microsoft com
To: 
Subject: Important Information About Microsoft Evaluation Software

Dear ,

Our records indicate that you have previously ordered and received SQL
Server(TM) 2000 Evaluation Edition or other evaluation software from
Microsoft that contains the Microsoft SQL Server 2000 Desktop Engine
(MSDE 2000) component.  Both SQL and MSDE are vulnerable to the Slammer
worm that was released on the Internet in January.

For a list of products that include MSDE, please visit:
http://www.microsoft.com/technet/treeview/?url=/technet/security/MSDEapp
s.asp

SQL Server 2000 Evaluation Edition and other Microsoft evaluation
products included in the list above are intended for short-term testing,
should not be used in production environments, and should be kept in a
test environment separate from network access.

If you are currently running any of this software on a system that has
network access, you need to immediately take one of the following steps
to protect your system from this worm:
-  Uninstall the software.
-  If uninstalling is not an option, please take the system offline,
then:
For SQL:  Download and run the SQL Critical Update, which is part of
the SQL Server 2000 Security Tool Set, from
http://www.microsoft.com/security/slammer.asp
For MSDE: download and install Service Pack 3 for MSDE 2000 from this
location: http://www.microsoft.com/security/slammer.asp

If you are unsure whether you have SQL Server 2000 or MSDE 2000 on your
networks, please visit
http://www.microsoft.com/sql/downloads/securitytools.asp for SQL Scan
and SQL Check utilities.

For the most current security-related information about Microsoft
products, please visit the following Microsoft Web site,
http://www.microsoft.com/security.

If you have any questions regarding this alert please contact your
Microsoft representative or call 1-866-727-2338 (1-866-PCSAFETY) within
the US, outside of the US please contact your local Microsoft
Subsidiary.*

Thank you,
Stan Sorenson
Director
U.S. SQL Product Management
Microsoft Corporation

*This mail does not imply or grant any right to use the SQL Server
Evaluation Edition beyond the 120-day period described in the SQL Server
Evaluation Edition EULA.

This is an unmonitored alias, please do not reply to this mail.  If you
have any questions regarding the Slammer virus please visit:
http://www.microsoft.com/security/slammer.asp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault