//  home   //  advanced search   //  news   //  categories   //  sql build chart   //  downloads   //  statistics
 ASP FAQ 
Home
ASP FAQ Tutorials

   8000XXXX Errors
   Alerts
   ASP.NET 2.0
   Classic ASP 1.0
   Databases
      Access DB & ADO
      General SQL Server & Access Articles
      MySQL
      Other Articles
      Schema Tutorials
      Sql Server 2000
      Sql Server 2005
   General Concepts
   Search Engine Optimization (SEO)

Contact Us
Site Map

Search

Web
aspfaq.com
tutorials.aspfaq.com
databases.aspfaq.com

ASP FAQ Tutorials :: Databases :: Other Articles :: How do I protect myself against the W32.Slammer worm?


How do I protect myself against the W32.Slammer worm?

All instances of SQL Server 2000 (including MSDE) are vulnerable to this new exploit of port 1434, which has been taking out networks around the world. Note that SQL Server 7.0, and MSDE 1.0, are not vulnerable to the Slammer virus. 
 
To protect yourself, make sure you're at SP3 (or SP2 with the MS02-061 security patch). See Article #2151 for more information about obtaining these patches; and see Article #2440 if you are having problems with SP3 specifically. 
 
If you are running an evaluation version of SQL Server 2000, note that you cannot apply service packs; however, the Slammer Vulnerabilities page has instructions for applying the SQL Critical Update. Also, there is a new version of the Evaluation Edition posted, which is not vulnerable to slammer. 
 
To help determine vulnerability, Microsoft has made some security tools available at Microsoft.com/downloads. I strongly recommend you download and run the critical update package. 
 
Here is a brief description of each tool, as posted by SQL Server support. Note that the tools come with more comprehensive readme files to assist you with their usage, and the download page has verbose instructions on installing and using this package. 
 
SQL Scan 
 
SQL Scan (Sqlscan.exe) scans an individual computer, a Windows domain, or a range of IP addresses for instances of SQL Server 2000 and MSDE 2000, and identifies instances that may be vulnerable to the Slammer worm. SQL Scan runs on computers running Windows 2000 or higher and can identify instances running on Windows NT 4.0, Windows 2000, or Windows XP. 
 
SQL Check 
 
SQL Check scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm. SQL Check runs on computers running Windows 98, Windows ME, Windows NT 4.0, Windows 2000 and Windows XP. On computers running Windows NT 4.0, Windows 2000 and Windows XP it stops and disables the SQL Server and SQL Agent services. On computers running Windows 98 and Windows ME it identifies vulnerable instances but does not stop or disable any services. 
 
SQL Critical Update 
 
SQL Critical Update scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm, updating the affected files. SQL Critical Update runs on computers running Windows NT 4.0 or higher. 

Related Articles

How do I build a query with optional parameters?
How do I calculate the median in a table?
How do I create a store locator feature?
How do I deal with MEMO, TEXT, HYPERLINK, and CURRENCY columns?
How do I deal with multiple resultsets from a stored procedure?
How do I debug my SQL statements?
How do I determine if a column exists in a given table?
How do I enable or disable connection pooling?
How do I enumerate through the DSNs on a machine?
How do I find a stored procedure containing <text>?
How do I get a list of Access tables and their row counts?
How do I get the latest version of the JET OLEDB drivers?
How do I handle alphabetic paging?
How do I handle BIT / BOOLEAN columns?
How do I handle error checking in a stored procedure?
How do I ignore common words in a search?
How do I page through a recordset?
How do I present one-to-many relationships in my ASP page?
How do I prevent duplicates in a table?
How do I prevent my ASP pages from waiting for backend activity?
How do I prevent NULLs in my database from mucking up my HTML?
How do I protect my Access database (MDB file)?
How do I protect my stored procedure code?
How do I remove duplicates from a table?
How do I rename a column?
How do I retrieve a random record?
How do I return row numbers with my query?
How do I send a database query to a text file?
How do I simulate an array inside a stored procedure?
How do I solve 'Could not find installable ISAM' errors?
How do I solve 'Operation must use an updateable query' errors?
How do I temporarily disable a trigger?
How do I use a SELECT list alias in the WHERE or GROUP BY clause?
How do I use a variable in an ORDER BY clause?
Should I index my database table(s), and if so, how?
Should I store images in the database or the filesystem?
Should I use a #temp table or a @table variable?
Should I use a view, a stored procedure, or a user-defined function?
Should I use recordset iteration, or GetRows(), or GetString()?
What are all these dt_ stored procedures, and can I remove them?
What are the limitations of MS Access?
What are the limitations of MSDE?
What are the valid styles for converting datetime to string?
What datatype should I use for my character-based database columns?
What datatype should I use for numeric columns?
What does "ambiguous column name" mean?
What is this 'Multiple-step OLE DB' error?
What is wrong with 'SELECT *'?
What naming convention should I use in my database?
What should I choose for my primary key?
What should my connection string look like?
When should I use CreateObject to create my recordset objects?
Where can I get this 'Books Online' documentation?
Where do I get MSDE?
Which database platform should I use for my ASP application?
Which tool should I use: Enterprise Manager or Query Analyzer?
Why are there gaps in my IDENTITY / AUTOINCREMENT column?
Why can I not 'open a database created with a previous version...'?
Why can't I access a database or text file on another server?
Why can't I use the TOP keyword?
Why do I get 'Argument data type text is invalid for argument [...]'?
Why do I get 'Not enough space on temporary disk' errors?
Why does ASP give me ActiveX errors when connecting to a database?
Should I use COALESCE() or ISNULL()?
Where can I get basic info about using stored procedures?

 

 


Created: 1/30/2003 | Last Updated: 3/20/2003 | broken links | helpful | not helpful | statistics
© Copyright 2006, UBR, Inc. All Rights Reserved. (171)

 

Copyright 1999-2006, All rights reserved.
Finding content
Finding content.  An error has occured...