worm related sql patches and mssecure.xml/hfnetchk

• Previous message: Ivan Mason: "Re: MS SQL Server Worm?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Sat, 25 Jan 2003 09:45:38 -0600
From: Eric Schultze <eric.schultze@SHAVLIK.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

MS02-039 is applicable to SQL Server 2000 and MSDE 2000 SP2. Those
running SQL without an SP, or SQL 2000 SP1 will need to upgrade to SP2
in order to apply this patch, or install SQL 2000 SP3.
 
The relevant file in MS02-039 is ssnetlib.dll. You need to have
2000.80.636.0 or later of this file to be considered patched.
 
MS02-039 was superseded by MS02-061 (Q316333). 02-061 includes
ssnetlib.dll version 2000.80.679.0. HFNetChkand MBSA will scan for
02-061 on SQL SP2 machines, however, the Microsoft hosted version of
mssecure.xml does not include a check for the ssnetlib.dll file. The
Shavlik hosted file does include a check for this file and can be
referenced from mbsacli like so:
 
mbsacli.exe /hf -x https://xml.shavlik.com/mssecure.xml. HFNetChk 3.86
will automatically use the Shavlik XML file.
 
Also note, the Microsoft hosted XML file does not include info about SQL
2000 SP3, the Shavlik file does. I've already contacted Microsoft and
asked them to include SQL 2000 SP3 in their XML file.
 
 

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
TICSA - Anniversary Special - Limited Time

Become TICSA certified for just $221.25 US when you register before 3/31/03
with PROMO "TS0103" at www.2test.com. NO membership fees, certification
good for 2 years. Price for international delivery just $296.25 US, with
this offer. Offer cannot be combined with any other special and expires
3/31/03. Visit www.trusecure.com/ticsa for full details.

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Next message: Marc Maiffret: "Re: MS SQL Server Worm?"
• Previous message: Ivan Mason: "Re: MS SQL Server Worm?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Invalid authorization specification ... SP3 doesn't apply to SQL ... > on server from a database on another server. ... (microsoft.public.sqlserver.security) Re: Keine Anmeldung möglich nach SP3 ... Ich habe auf dem PC nur die MSDE laufen und SP3 ... Es geht keine Authentifizierung mehr, mit SQL und NT nicht! ... >Server und Windows) direkt umstellen. ... (microsoft.public.de.sqlserver) Re: Invalid authorization specification ... assume that if it couldn't see the server the message ... >SP3 installs a new version of MDAC so I suppose it's ... doesn't apply to SQL ... >> ownership chaining has to do with accessing a database ... (microsoft.public.sqlserver.security) Access form locks-up during load 1 time out of 10 ... I've got a database running at a clients that is an Access 2000 SP-1 ADP, ... Access is on Windows 98 SE client machines, SQL ... I haven't tried an updated to SP3, as the fixes documented for this don't ... (microsoft.public.access.forms) Re: SP3a was all it took ... I have SP3. ... So this time I reinstalled SQL 2000. ... > Looking for a SQL Server replication book? ... the RECONFIGURE statement to install.. ... (microsoft.public.sqlserver.server)