Over the weekend a new internet web based worm emerged
that attacks Microsoft SQL 2000, and MSDE 2000. The worm
uses UDP port 1434 to exploit a buffer overflow in SQL server.
Microsoft have issued two patches to resolve the vulnerability
in SQL server, if you are running MSDE 2000, or SQL server
2000 please apply these patches:
http://www.microsoft.com/technet/security/bulletin/MS02-061.asp
http://www.microsoft.com/technet/security/bulletin/MS02-039.asp
The worm doesn't affect any files, is not a mass mailer,
nor write files to disk and is just held in memory on the
MS SQL server. By rebooting the server, and applying the
above patches the vulnerabilty will be closed off, and also
remove from the in memory process.
Back
