Re: Massive SQL Server attack

From: x y (levinson_k@excite.com)
Date: 01/26/03

• Next message: David Cross [MS]: "Re: certificate server + problem"
• Previous message: x y: "Re: WIN2K, MSN Messenger and Linksys router"
• In reply to: Hillol K Bala: "Re: Massive SQL Server attack"
• Next in thread: Kevin D. Quitt: "Re: Massive SQL Server attack"
• Reply: Kevin D. Quitt: "Re: Massive SQL Server attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "x y" <levinson_k@excite.com>
Date: Sun, 26 Jan 2003 10:27:40 -0500

Downloading the patch, unplugging the network cable, stopping and starting
MSDE / SQL or rebooting removes the worm from memory, and then you want to
install the patch to prevent re-infection.

Really, I think all you need to do is install the patch, since you have to
stop MSDE / SQL to install the patch, at which point the worm disappears....
but removing the network cable is a good idea.

"Hillol K Bala" <hbala@ttacs.ttu.edu> wrote in message
news:eECtvHPxCHA.2380@TK2MSFTNGP11...
> Hi,
>
> i have MSDE in my machine, how do i remove the worm from MSDE? MS is
> recommending to install SP3 for SQL 2000. do i need to install SP3 for
MSDE
> also? does SP3 for SQL work on MSDE also?
>
> please let me know,
>
> Hillol
>
>
> "Krusty the Clown" <clown@msn.com> wrote in message
> news:KfHY9.118079$sV3.4557889@news3.calgary.shaw.ca...
> > Pull up your firewall and block the port, Man!
> >
> >
> > "Alfred" <mas89@cornell.edu> wrote in message
> > news:040f01c2c4cd$e0daa340$d5f82ecf@TK2MSFTNGXA12...
> > > Clint,
> > >
> > > My server was attacked and doesn't see the outside
> > > anymore, what can I do to fix the problems this attack
> > > caused?
> > >
> > > Thanks,
> > > -Alfred
> > >
> > > >-----Original Message-----
> > > >Just an FYI, there's a big SQL server attack going on
> > > >right now. If you don't have SQL Server SP3 installed
> > > then
> > > >you most likely are vulnerable since the MS02-39 patch
> > > >wasn't included in SP2 for SQL Server.
> > > >
> > > >http://www.microsoft.com/technet/security/bulletin/MS02-
> > > >039.asp
> > > >http://www.kb.cert.org/vuls/id/370308
> > > >.
> > > >
> >
> >
>
>

---

• Next message: David Cross [MS]: "Re: certificate server + problem"
• Previous message: x y: "Re: WIN2K, MSN Messenger and Linksys router"
• In reply to: Hillol K Bala: "Re: Massive SQL Server attack"
• Next in thread: Kevin D. Quitt: "Re: Massive SQL Server attack"
• Reply: Kevin D. Quitt: "Re: Massive SQL Server attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: .NET and MSDE ... So it will not harm anything if they install the regular ... patch for MSDE as well? ... >the sql2kdesk.exe patch won't apply to the NETSDK ... >information for users of the Microsoft .NET Framework SDK ... (microsoft.public.sqlserver.security) Re: question about patching MSDE 2000 ... >So it's a named instance? ... Are you applying the patch to ... To install a named istance MS documentation says to add to ... MSDE 2000 using a file different than sqlrun01.msi and I ... (microsoft.public.sqlserver.security) Re: Worm patch wont work ... > I have tried to download the worm patch for XP. ... If Automatic Updates are configured, or when you attempt to install updates, ... You cannot install some updates. ... (microsoft.public.windowsxp.security_admin) Re: NT AUTHORITY/SYSTEM/AUTO SHUTDOWN ... If it installs the patch, ... >This stops the worm from running, so your system will not shut ... or download and install another one such as the free ... connection, then ... (microsoft.public.windowsxp.general) Re: RPC message ... computers world wide! ... up your machine of any of the five currently know variants of this worm, ... Say yes and then download and install this patch, 823980, ... (microsoft.public.windows.inetexplorer.ie6.ieak)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)