This article has been archived. It is offered "as is" and will no longer be updated.
A denial of service may occur in an Application Center 2000 (AC2000) cluster if members become infected with the W32.Slammer worm because of a vulnerability in the Microsoft SQL Server Desktop Engine (MSDE 2000).
The W32.Slammer worm causes a denial of service because it floods the network with UDP packets over port 1434.
Service pack information
Application Center 2000 Service Pack 2 contains MSDE Service Pack 3a, which includes all the security patches that are available at the time of release. To resolve this problem, obtain the latest service pack for Application Center 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
309384 How to obtain the latest Application Center 2000 service pack
Important Application Center Server 2000 uses a specialized version of MSDE 2000. These instructions are for Application Center Server 2000 only.
Important If your AC2000 systems are currently infected with W32.Slammer or are connected to a network that may have other systems infected with W32.Slammer, please download the SQL Critical Update hotfix which is part of the SQL Security Tools available from the following Microsoft Web site:
Run the appropriate sqlhotfixpkg on your AC2000 systems before proceeding with the instructions below. Applying sqlhotfixpkg will NOT upgrade your system to MSDE Service Pack 2 (SP2), nor will it permit you to apply the post SP2 MSDE security bulletins that address vulnerabilities other than W32.Slammer, nor will it allow you to apply any security bulletins that may be released in the future.
For this reason we recommend that you complete the MSDE SP2 upgrade and Microsoft Security Bulletin MS02-061 (MS02-061) security rollup fix as described in this document.
Important The procedures below will render your Application Center 2000 systems vulnerable to the W32.Slammer worm while you are applying the upgrade and fix. You should have all the resources you need to complete the upgrade available locally on the server and then disconnect the server from the network while you upgrade to MSDE SP2 and MS02-061.
Important Your Application Center Servers must be at Application Center 2000 Service Pack 1 (SP1) in order to apply the procedures below. You can get SP1 from the following Microsoft Web site:
Important MSDE SP2, otherwise known as OFE813058.EXE, has been re-issued with this revision of this document. The first version of QFE813058.EXE was incompatible with MS02-061. If you downloaded and applied QFE813058.EXE before you downloaded this document, you should follow the “Installation instructions for systems that have had QFE813058.EXE applied already”. If you have any doubt about what version of QFE813058.EXE you have applied you should also follow the “Installation instructions for systems that have had QFE813058.EXE applied already” as they will work with either version of QFE813058.exe
To resolve this problem, you must obtain the following fixes:
QFE813058.EXE, available from the Application Center 2000: MSDE 2000 SP2 download, available from the following the following Microsoft Web site: