Article ID: 813440 - View products that this article applies to.
The Microsoft PSS Security Response Team has issued an alert to inform customers about the W32.Slammer worm. The W32.Slammer worm is an Internet worm that targets SQL Server 2000 and SQL Server Desktop Engine (also known as MSDE 2000) systems. This attack results in a high volume of network traffic on both the Internet and private internal networks.
RiskYou are potentially at risk if:
Microsoft Security Bulletin MS02-039
Microsoft Security Bulletin MS02-061
The MS02-061 cumulative security patch includes the patch referenced by MS02-039. This patch has been re-released to include functionality that previously was only available in the Q317748.exe download file:
(http://support.microsoft.com/kb/317748/ )FIX: Handle leak occurs in SQL Server when service or application repeatedly connects and disconnects with shared memory network library
Latest SQL Server 2000 Service Pack
(http://support.microsoft.com/kb/290211/ )How to obtain the latest SQL Server 2000 service pack
Microsoft SQL Server 2000 Service Pack 3 (SP3) includes the patches referenced in the MS02-039 and MS02-061 security bulletins.
PreventionTo help protect against this worm, Microsoft recommends the following:
If you are running Microsoft SQL Server 2000 Evaluation Edition, RTM and Service Pack 1 (SP1) or MSDE 2000 RTM and Service Pack 1 (SP1):
If you are running SQL Server 2000 Service Pack 2 (SP2) or MSDE 2000 Service Pack 2 (SP2):
RecoveryIf your computer is infected by the W32.Slammer worm, which is a denial of service attack, Microsoft recommends that you use the following methods to remove the worm:
For the most current information about this alert, visit the following Microsoft Web site:
http://www.microsoft.com/security/portal/For more information about a patch for Microsoft Application Center 2000, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/813115/ )FIX: W32.Slammer worm exploits MSDE 2000 vulnerability in Application Center 2000
For more information about computer viruses, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/129972/ )Computer viruses: description, prevention, and recovery
Related Security Information
For additional security-related information about Microsoft products, visit the following Microsoft Web site:
http://www.microsoft.com/securityFor additional information about viruses, visit the following third-party Web sites:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SQLP1434.AMicrosoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Article ID: 813440 - Last Review: February 21, 2007 - Revision: 9.6