The "Slammer" Worm - Are You Patched?
by John Peterson
Overview
While it's not strictly ASP news... the worm is affecting
businesses large and small:
The "Slammer" virus is an Internet worm targeting
un-patched Microsoft SQL Server 2000 and MSDE 2000
systems resulting in a high volume of network
traffic on both the Internet and private internal
networks.
A patch resolving the vulnerability has been available for
some time and yet many systems remain vulnerable. If
you're running SQL Server or any version of MSDE, make
sure you patch it immediately to avoid becoming the next
victim of the "Slammer."
And don't think just because you're not running a SQL Server
you're not vulnerable... MSDE ships with a wide
variety of products (some of which install it by default)
including:
- .NET Framework SDK
- ASP.NET Web Matrix
- Office XP Premium, Professional, Developer
- BizTalk Server 2002 Partner Edition
- Host Integration Server 2000
- Project Server 2002
- Small Business Server 2000
- SQL Server 2000, Enterprise Edition, Developer Edition, Personal Edition
- Visio Enterprise Network Tools
- Visual FoxPro 7.0 and 8.0 beta
- Visual Studio .NET 2002 Professional, Enterprise Developer, and Enterprise Architect editions
- Visual Basic .NET Standard 2002, Visual C++ .NET Standard 2002, Visual C# .NET Standard 2002
- Windows Enterprise Server 2003 RC1, only if UDDI is enabled
- Windows Server 2003 RC1, only if UDDI is enabled
- Application Center 2000 RTM, SP1, SP2
- Operations Manager 2000 RTM, SP1
- ... and more...
More Information
Here are the three main "entry" pages into Microsoft's site that I've found
where you can find more information on the "Slammer" virus:
- Critical Update for Microsoft .NET Framework SDK Users from Microsoft's .NET Framework Page
- Customer Update on the "Slammer" Attack from Microsoft's Security & Privacy Page
- "Slammer" Worm Special Bulletin from Microsoft for Partners Page
If you run across a page not found from one of these links or something
especially useful or interesting let me know and I'll link to it here.
Update: Free Tool for Identifying Vulnerable SQL Servers
One of our readers sent me some info on a free tool being provided to
help system administrators identify systems which are vulnerable to
the Slammer virus.
eEye is offering a free tool that scans network machines and detects if any are vulnerable to the SQL
Sapphire/Slammer Internet worm currently circulating worldwide. The tool allows
administrators to quickly identify SQL servers that do not contain the patch
needed to protect from the worm, and it provides information on where to locate
the patch from Microsoft.
The free Retina Sapphire SQL Worm Scanner can be found by visiting:
http://www.eeye.com/html/Research/Tools/SapphireSQL.html
Thanks go out to Gary Sacks for letting me know about the tool.