mailing list archives
Microsoft's new warning about the old SQL server/MSDE problem
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 20 Mar 2003 21:35:57 -0500
A friend of mine just received the attached email from Microsoft
advising him to patch his copy of MSDE. Talk about closing the barn
door after the cows have already escaped......
---------- Forwarded message ----------
Date: Thu, 20 Mar 2003 16:51:42 -0800
From: Supptsql () microsoft com
Subject: Important Information About Microsoft Evaluation Software
Our records indicate that you have previously ordered and received SQL
Server(TM) 2000 Evaluation Edition or other evaluation software from
Microsoft that contains the Microsoft SQL Server 2000 Desktop Engine
(MSDE 2000) component. Both SQL and MSDE are vulnerable to the Slammer
worm that was released on the Internet in January.
For a list of products that include MSDE, please visit:
SQL Server 2000 Evaluation Edition and other Microsoft evaluation
products included in the list above are intended for short-term testing,
should not be used in production environments, and should be kept in a
test environment separate from network access.
If you are currently running any of this software on a system that has
network access, you need to immediately take one of the following steps
to protect your system from this worm:
- Uninstall the software.
- If uninstalling is not an option, please take the system offline,
For SQL: Download and run the SQL Critical Update, which is part of
the SQL Server 2000 Security Tool Set, from
For MSDE: download and install Service Pack 3 for MSDE 2000 from this
If you are unsure whether you have SQL Server 2000 or MSDE 2000 on your
networks, please visit
http://www.microsoft.com/sql/downloads/securitytools.asp for SQL Scan
and SQL Check utilities.
For the most current security-related information about Microsoft
products, please visit the following Microsoft Web site,
If you have any questions regarding this alert please contact your
Microsoft representative or call 1-866-727-2338 (1-866-PCSAFETY) within
the US, outside of the US please contact your local Microsoft
U.S. SQL Product Management
*This mail does not imply or grant any right to use the SQL Server
Evaluation Edition beyond the 120-day period described in the SQL Server
Evaluation Edition EULA.
This is an unmonitored alias, please do not reply to this mail. If you
have any questions regarding the Slammer virus please visit:
Full-Disclosure - We believe in it.
- Microsoft's new warning about the old SQL server/MSDE problem Richard M. Smith (Mar 21)