Re: Microsoft Informational Alert
From: sms admin \(real name david manor\) (dmanor01@dontspammecomcast.net)
Date: 05/23/02
- Next message: James Meggitt: "Restoring Administrator permissions - fixed"
- Previous message: Ned Flanders: "Re: occult a program to ctrl+alt+del"
- In reply to: Jerry Bryant [MS]: "Microsoft Informational Alert"
- Next in thread: Jerry Bryant [MS]: "Re: Microsoft Informational Alert"
- Reply: Jerry Bryant [MS]: "Re: Microsoft Informational Alert"
From: "sms admin \(real name david manor\)" <dmanor01@dontspammecomcast.net> Date: Wed, 22 May 2002 20:12:46 -0400
Does SQL 7.0 SP4 supersede this patch, or do you still need it if you
install SP4 on a SQL 7 server?
"Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
news:#Q4IPwcACHA.2420@tkmsftngp02...
> PSS Security Response Team Alert - SQL Security Recommendations
>
> SEVERITY: INFORMATIONAL
> DATE: 05/21/2002
> PRODUCTS AFFECTED: SQL Server
>
> **********************************************************************
>
> What is It?
>
> The Microsoft Product Support Services Security Team is issuing this alert
> to advise our customers to take precautionary action for the following two
> reasons:
>
> 1) Exploit Code is now available for the vulnerability patched by Microsoft
> Security Bulletin MS02-020. While the release of exploit code alone does
> not mean that an attack tool will be developed the Product Support Services
> Security Team feels that this along with the developments below warrant
> increased attention and vigilance.
>
> 2) Increased attempts to log into Internet facing SQL servers with blank
> passwords are being seen on the Internet.
>
> Based on these two items the Microsoft Product Support Services Security
> Team is advising customers to test and deploy the patch for Microsoft
> Security Bulletin MS02-020 if they have not already done so:
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-020.asp
>
> We are also advising customers to follow the following best practices for
> utilizing SQL securely within their environments:
>
> . Secure your SA login account with a non-NULL password. The worm only works
> if you have no security on your SA login account. Therefore, you should
> follow the recommendation from the "System Administrator (SA) Login" topic
> in SQL Server Books Online to make sure that the built-in SA account has a
> strong password, even if you never directly use the SA account yourself.
>
> . Block port 1433 at your Internet gateways and/or assign SQL Server to
> listen on an alternate port.
>
> . If port 1433 needs to be available on your Internet gateways, enable
> egress/ingress filtering to prevent misuse of this port.
>
> . Run the SQLServer service and SQL Server Agent under a Microsoft Windows
> NT account, not localsystem.
>
> . Enable Windows NT Authentication, enable auditing for successful and
> failed logins, and then stop and restart the MSSQLServer service. Configure
> your clients to use NT Authentication.
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
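The alert quoted in this post recommends auditing successful and failed logins and reports blank-password login attempts against Internet-facing SQL servers. As an added example (not part of the original post or of Microsoft's alert), here is one way to review such audit entries for the SA account; the log line layout, the one-minute window and the threshold of three are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The layout (timestamp, "logon" source, message)
# is an assumption modelled on login-audit entries, not taken from the post.
SAMPLE_LOG = """\
2002-05-21 14:03:10.11 logon     Login failed for user 'sa'.
2002-05-21 14:03:10.54 logon     Login failed for user 'sa'.
2002-05-21 14:03:11.02 logon     Login failed for user 'sa'.
2002-05-21 14:03:11.40 logon     Login succeeded for user 'sa'. Connection: Non-Trusted.
2002-05-21 14:20:00.00 logon     Login succeeded for user 'CORP\\appsvc'. Connection: Trusted.
2002-05-21 15:00:00.00 logon     Login failed for user 'webapp'.
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+logon\s+"
    r"Login (failed|succeeded) for user '([^']*)'\.(?: Connection: ([\w-]+)\.)?"
)

def parse(log_text):
    """Yield (timestamp, outcome, user, connection) for each login audit line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3).lower(), m.group(4)

def review_sa_logins(log_text, window=timedelta(minutes=1), threshold=3):
    """Return alerts for bursts of failed sa logins and SQL-auth sa logons."""
    alerts, recent_failures = [], []
    for ts, outcome, user, conn in parse(log_text):
        if user != "sa":
            continue
        # Keep only the failures that are still inside the sliding window.
        recent_failures = [t for t in recent_failures if ts - t <= window]
        if outcome == "failed":
            recent_failures.append(ts)
            if len(recent_failures) == threshold:
                alerts.append((ts, "burst of failed sa logins"))
        elif conn == "Non-Trusted":
            # sa logged on with SQL authentication; worse if failures preceded it.
            after = "sa logon after failed attempts"
            alerts.append((ts, after if recent_failures else "sa logon via SQL authentication"))
    return alerts

if __name__ == "__main__":
    for ts, reason in review_sa_logins(SAMPLE_LOG):
        print(ts.isoformat(sep=" "), reason)
```

A successful SA logon flagged right after a burst of failures is the entry to investigate first, since it is consistent with a guessed or blank password.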