NetSDK vulnerable to SQL Slammer

From: Schmehl, Paul L (pauls_at_UTDALLAS.EDU)
Date: 06/16/03

    Date:         Mon, 16 Jun 2003 10:42:00 -0500

    Every week I scan our network with Foundstone's (may they rest in peace)
    :-) SQLScan. Recently I've been detecting vulnerable computers that
    have NetSDK installed. Since these detections are recent, I surmise
    that CS students are downloading and installing NetSDK so they can do
    development work in the .net architecture.

    Why Microsoft would make this software available **in a vulnerable
    form** is beyond me, but I thought the list should know. It's likely
    that at least some networks have this software installed and are
    therefore vulnerable to another Slammer infection. One possible
    scenario is: a CS student installs NetSDK, logs on to the Internet from
    an external network, gets infected with Slammer, brings his laptop to
    campus and infects the campus network.

    NetSDK Downloads:

    NetSDK Slammer Patch:

    Foundstone's SQLScan:
    Look in Home/Resources/Free Tools/Scanning Tools

    Paul Schmehl (
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
