lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <001f01c2ef52$9ab1de60$6701a8c0@rms2>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Microsoft's new warning about the old SQL server/MSDE problem

A friend of mine just received the attached email from Microsoft
advising him to patch his copy of MSDE.  Talk about closing the barn
door after the cows have already escaped......

Richard

---------- Forwarded message ----------
Date: Thu, 20 Mar 2003 16:51:42 -0800
From: Supptsql@...rosoft.com
To: 
Subject: Important Information About Microsoft Evaluation Software

Dear ,

Our records indicate that you have previously ordered and received SQL
Server(TM) 2000 Evaluation Edition or other evaluation software from
Microsoft that contains the Microsoft SQL Server 2000 Desktop Engine
(MSDE 2000) component.  Both SQL and MSDE are vulnerable to the Slammer
worm that was released on the Internet in January.

For a list of products that include MSDE, please visit:
http://www.microsoft.com/technet/treeview/?url=/technet/security/MSDEapp
s.asp

SQL Server 2000 Evaluation Edition and other Microsoft evaluation
products included in the list above are intended for short-term testing,
should not be used in production environments, and should be kept in a
test environment separate from network access.

If you are currently running any of this software on a system that has
network access, you need to immediately take one of the following steps
to protect your system from this worm:
-  Uninstall the software.
-  If uninstalling is not an option, please take the system offline,
then:
> For SQL:  Download and run the SQL Critical Update, which is part of
the SQL Server 2000 Security Tool Set, from
http://www.microsoft.com/security/slammer.asp
> For MSDE: download and install Service Pack 3 for MSDE 2000 from this
location: http://www.microsoft.com/security/slammer.asp

If you are unsure whether you have SQL Server 2000 or MSDE 2000 on your
networks, please visit
http://www.microsoft.com/sql/downloads/securitytools.asp for SQL Scan
and SQL Check utilities.

For the most current security-related information about Microsoft
products, please visit the following Microsoft Web site,
http://www.microsoft.com/security.

If you have any questions regarding this alert please contact your
Microsoft representative or call 1-866-727-2338 (1-866-PCSAFETY) within
the US, outside of the US please contact your local Microsoft
Subsidiary.*

Thank you,
Stan Sorenson
Director
U.S. SQL Product Management
Microsoft Corporation

*This mail does not imply or grant any right to use the SQL Server
Evaluation Edition beyond the 120-day period described in the SQL Server
Evaluation Edition EULA.

This is an unmonitored alias, please do not reply to this mail.  If you
have any questions regarding the Slammer virus please visit:
http://www.microsoft.com/security/slammer.asp


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ