| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rms at computerbytesman.com (Richard M. Smith) Subject: Microsoft's new warning about the old SQL server/MSDE problem A friend of mine just received the attached email from Microsoft advising him to patch his copy of MSDE. Talk about closing the barn door after the cows have already escaped...... Richard ---------- Forwarded message ---------- Date: Thu, 20 Mar 2003 16:51:42 -0800 From: Supptsql@...rosoft.com To: Subject: Important Information About Microsoft Evaluation Software Dear , Our records indicate that you have previously ordered and received SQL Server(TM) 2000 Evaluation Edition or other evaluation software from Microsoft that contains the Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) component. Both SQL and MSDE are vulnerable to the Slammer worm that was released on the Internet in January. For a list of products that include MSDE, please visit: http://www.microsoft.com/technet/treeview/?url=/technet/security/MSDEapp s.asp SQL Server 2000 Evaluation Edition and other Microsoft evaluation products included in the list above are intended for short-term testing, should not be used in production environments, and should be kept in a test environment separate from network access. If you are currently running any of this software on a system that has network access, you need to immediately take one of the following steps to protect your system from this worm: - Uninstall the software. - If uninstalling is not an option, please take the system offline, then: > For SQL: Download and run the SQL Critical Update, which is part of the SQL Server 2000 Security Tool Set, from http://www.microsoft.com/security/slammer.asp > For MSDE: download and install Service Pack 3 for MSDE 2000 from this location: http://www.microsoft.com/security/slammer.asp If you are unsure whether you have SQL Server 2000 or MSDE 2000 on your networks, please visit http://www.microsoft.com/sql/downloads/securitytools.asp for SQL Scan and SQL Check utilities. For the most current security-related information about Microsoft products, please visit the following Microsoft Web site, http://www.microsoft.com/security. If you have any questions regarding this alert please contact your Microsoft representative or call 1-866-727-2338 (1-866-PCSAFETY) within the US, outside of the US please contact your local Microsoft Subsidiary.* Thank you, Stan Sorenson Director U.S. SQL Product Management Microsoft Corporation *This mail does not imply or grant any right to use the SQL Server Evaluation Edition beyond the 120-day period described in the SQL Server Evaluation Edition EULA. This is an unmonitored alias, please do not reply to this mail. If you have any questions regarding the Slammer virus please visit: http://www.microsoft.com/security/slammer.asp
Powered by blists - more mailing lists