Security Analyzer Security Alert for SQL Slammer

Microsoft SQL Server Vulnerabilities: SQL Slammer


The recent W32.Slammer worm, also known as SQL Slammer or Slammer, attacks Microsoft SQL Server through UDP port 1434, the default Microsoft SQL Server UDP port.

The affected products are:

  • Microsoft SQL Server 2000
  • Microsoft Desktop Engine (MSDE) 2000

In July 2002, Microsoft issued Microsoft Security Bulletin MS02-039 to address a buffer overflow in SQL Server's Resolution Service, which listens on UDP port 1434. The Resolution Service was introduced in SQL Server 2000 to support multiple instances of SQL Server running on the same machine. The SQL Slammer worm exploits a Resolution Service vulnerability on SQL Server instances that do not have the latest Service Pack (SP 3) or comparable patches installed.

Note from Microsoft: Microsoft SQL Server customers who have patched their machines with the Microsoft Security Bulletin MS02-039 patch, or any subsequent cumulative SQL security patch, are completely safe from infection from the W32.Slammer worm. However, Microsoft recommends customers apply Microsoft Security Bulletin MS02-061, which is the most recent cumulative SQL Server security patch, if they have not applied the patches for Microsoft Security Bulletin MS02-039, MS02-043, or MS02-056. Alternatively, customers may install SQL Server 2000 Service Pack 3 or MSDE 2000 Service Pack 3, which incorporates the patches in Microsoft Security Bulletin MS02-061.

What Should Security Analyzer Customers Do?

Security Analyzer (SA) already checks for the two patches that Microsoft provides to protect against the Slammer worm. In addition, a new security test has been added that checks for vulnerability to W32.Slammer.

SA customers should first run an AutoSync, then run the Database Services Analysis scan profile against their database target host. A new security test called SQL Slammer Worm Vulnerability has been added to the Database Services Analysis profile; it checks whether a system is missing the related patches (MS02-039 and MS02-034). If these patches have not been installed, the customer is alerted that the system is vulnerable to the SQL Slammer worm.
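
For sites that also keep their own inventory of SQL Server instances, the patch-level check described above can be approximated as a triage pass. This is an added example, not Security Analyzer's test or Microsoft's code. It assumes that SQL Server 2000 and MSDE 2000 report major version 8 and that Service Pack 3 reports build 8.00.760; the inventory format, host names and function names are constructed for illustration.

```python
# Added example: triage SQL Server inventory rows for Slammer exposure.
# Assumption (not from the page): SQL Server 2000 / MSDE 2000 report
# major version 8, and Service Pack 3 reports build 8.00.760.
import csv
import io

SP3_BUILD = 760  # assumed SP3 build number for version 8.00

# Constructed sample inventory (host, product version, UDP 1434 reachable).
SAMPLE_INVENTORY = """host,version,udp1434_open
db01,8.00.194,yes
db02,8.00.760,yes
db03,8.00.534,no
app07,7.00.1063,yes
kiosk3,8.00.x,yes
"""

def classify(version, udp1434_open):
    """Return a triage label for one SQL Server instance."""
    parts = version.strip().split(".")
    try:
        major, build = int(parts[0]), int(parts[2])
    except (IndexError, ValueError):
        return "UNKNOWN: unparseable version, check manually"
    if major != 8:
        return "NOT IN SCOPE: not SQL Server 2000 / MSDE 2000"
    if build >= SP3_BUILD:
        return "OK: Service Pack 3 or later"
    # Below SP3, the MS02-039 patch or a later cumulative patch may still
    # be installed; this example does not try to infer that from the build.
    if udp1434_open:
        return "URGENT: below SP3 and UDP 1434 reachable, verify MS02-039/MS02-061"
    return "REVIEW: below SP3, verify MS02-039/MS02-061"

def triage(inventory_csv):
    """Map each host in a CSV inventory to its triage label."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["version"],
                                r["udp1434_open"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, label in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {label}")
```

Hosts labelled URGENT or REVIEW still need the individual patches confirmed, since a system below Service Pack 3 is protected if MS02-039 or a later cumulative patch has been applied.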

Contact NetIQ

Sales: (888) 323-6768

Support: (713) 418-5555

Renewals: (713) 418-5035
