 |
|
8000XXXX Errors Alerts ASP.NET 2.0 Classic ASP 1.0
Databases Access DB & ADO General SQL Server & Access Articles MySQL Other Articles Schema Tutorials Sql Server 2000 Sql Server 2005 General Concepts Search Engine Optimization (SEO)Search
ASP FAQ Tutorials :: Databases :: Other Articles :: How do I protect myself against the W32.Slammer worm?
How do I protect myself against the W32.Slammer worm?
All instances of SQL Server 2000 (including MSDE) are vulnerable to this new exploit of port 1434, which has been taking out networks around the world. Note that SQL Server 7.0, and MSDE 1.0, are not vulnerable to the Slammer virus.
To protect yourself, make sure you're at SP3 (or SP2 with the MS02-061 security patch). See Article #2151 for more information about obtaining these patches; and see Article #2440 if you are having problems with SP3 specifically.
If you are running an evaluation version of SQL Server 2000, note that you cannot apply service packs; however, the Slammer Vulnerabilities page has instructions for applying the SQL Critical Update. Also, there is a new version of the Evaluation Edition posted, which is not vulnerable to slammer.
To help determine vulnerability, Microsoft has made some security tools available at Microsoft.com/downloads. I strongly recommend you download and run the critical update package.
Here is a brief description of each tool, as posted by SQL Server support. Note that the tools come with more comprehensive readme files to assist you with their usage, and the download page has verbose instructions on installing and using this package.
SQL Scan
SQL Scan (Sqlscan.exe) scans an individual computer, a Windows domain, or a range of IP addresses for instances of SQL Server 2000 and MSDE 2000, and identifies instances that may be vulnerable to the Slammer worm. SQL Scan runs on computers running Windows 2000 or higher and can identify instances running on Windows NT 4.0, Windows 2000, or Windows XP.
SQL Check
SQL Check scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm. SQL Check runs on computers running Windows 98, Windows ME, Windows NT 4.0, Windows 2000 and Windows XP. On computers running Windows NT 4.0, Windows 2000 and Windows XP it stops and disables the SQL Server and SQL Agent services. On computers running Windows 98 and Windows ME it identifies vulnerable instances but does not stop or disable any services.
SQL Critical Update
SQL Critical Update scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm, updating the affected files. SQL Critical Update runs on computers running Windows NT 4.0 or higher.
To protect yourself, make sure you're at SP3 (or SP2 with the MS02-061 security patch). See Article #2151 for more information about obtaining these patches; and see Article #2440 if you are having problems with SP3 specifically.
If you are running an evaluation version of SQL Server 2000, note that you cannot apply service packs; however, the Slammer Vulnerabilities page has instructions for applying the SQL Critical Update. Also, there is a new version of the Evaluation Edition posted, which is not vulnerable to slammer.
To help determine vulnerability, Microsoft has made some security tools available at Microsoft.com/downloads. I strongly recommend you download and run the critical update package.
Here is a brief description of each tool, as posted by SQL Server support. Note that the tools come with more comprehensive readme files to assist you with their usage, and the download page has verbose instructions on installing and using this package.
SQL Scan
SQL Scan (Sqlscan.exe) scans an individual computer, a Windows domain, or a range of IP addresses for instances of SQL Server 2000 and MSDE 2000, and identifies instances that may be vulnerable to the Slammer worm. SQL Scan runs on computers running Windows 2000 or higher and can identify instances running on Windows NT 4.0, Windows 2000, or Windows XP.
SQL Check
SQL Check scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm. SQL Check runs on computers running Windows 98, Windows ME, Windows NT 4.0, Windows 2000 and Windows XP. On computers running Windows NT 4.0, Windows 2000 and Windows XP it stops and disables the SQL Server and SQL Agent services. On computers running Windows 98 and Windows ME it identifies vulnerable instances but does not stop or disable any services.
SQL Critical Update
SQL Critical Update scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm, updating the affected files. SQL Critical Update runs on computers running Windows NT 4.0 or higher.
Related Articles
How do I build a query with optional parameters? How do I calculate the median in a table? How do I create a store locator feature? How do I deal with MEMO, TEXT, HYPERLINK, and CURRENCY columns? How do I deal with multiple resultsets from a stored procedure? How do I debug my SQL statements? How do I determine if a column exists in a given table? How do I enable or disable connection pooling? How do I enumerate through the DSNs on a machine? How do I find a stored procedure containing <text>? How do I get a list of Access tables and their row counts? How do I get the latest version of the JET OLEDB drivers? How do I handle alphabetic paging? How do I handle BIT / BOOLEAN columns? How do I handle error checking in a stored procedure? How do I ignore common words in a search? How do I page through a recordset? How do I present one-to-many relationships in my ASP page? How do I prevent duplicates in a table? How do I prevent my ASP pages from waiting for backend activity? How do I prevent NULLs in my database from mucking up my HTML? How do I protect my Access database (MDB file)? How do I protect my stored procedure code? How do I remove duplicates from a table? How do I rename a column? How do I retrieve a random record? How do I return row numbers with my query? How do I send a database query to a text file? How do I simulate an array inside a stored procedure? How do I solve 'Could not find installable ISAM' errors? How do I solve 'Operation must use an updateable query' errors? How do I temporarily disable a trigger? How do I use a SELECT list alias in the WHERE or GROUP BY clause? How do I use a variable in an ORDER BY clause? Should I index my database table(s), and if so, how? Should I store images in the database or the filesystem? Should I use a #temp table or a @table variable? Should I use a view, a stored procedure, or a user-defined function? Should I use recordset iteration, or GetRows(), or GetString()? What are all these dt_ stored procedures, and can I remove them? What are the limitations of MS Access? What are the limitations of MSDE? What are the valid styles for converting datetime to string? What datatype should I use for my character-based database columns? What datatype should I use for numeric columns? What does "ambiguous column name" mean? What is this 'Multiple-step OLE DB' error? What is wrong with 'SELECT *'? What naming convention should I use in my database? What should I choose for my primary key? What should my connection string look like? When should I use CreateObject to create my recordset objects? Where can I get this 'Books Online' documentation? Where do I get MSDE? Which database platform should I use for my ASP application? Which tool should I use: Enterprise Manager or Query Analyzer? Why are there gaps in my IDENTITY / AUTOINCREMENT column? Why can I not 'open a database created with a previous version...'? Why can't I access a database or text file on another server? Why can't I use the TOP keyword? Why do I get 'Argument data type text is invalid for argument [...]'? Why do I get 'Not enough space on temporary disk' errors? Why does ASP give me ActiveX errors when connecting to a database? Should I use COALESCE() or ISNULL()? Where can I get basic info about using stored procedures?