[Fwd: Update on "Slammer" Worm]
Derek Neighbors
plug-discuss@lists.plug.phoenix.az.us
Fri, 31 Jan 2003 13:41:14 -0700 (MST)
Here is what Microsoft is sending to its Certified Partners about the
Slammer. It was even funnier reading the email from Bill Gates about them
getting more "open". Unfortunately I think I deleted that one, though it
was pasted all over AP wire.
-Derek
-------- Original Message --------
Subject: =?iso-8859-1?Q?Update_on_=22Slammer=22_Worm?=
From: "Microsoft"
<0_43669_1FFCA68B-621B-D211-88BE-08002BB74F65_US@Newsletters.Microsoft.com>
Date: Fri, January 31, 2003 1:46 pm
To: <xxxxxxxxxxxxxxxxxx>
-------------------------------------------------------------------
Special Bulletin to Our Technology Partners: "Slammer" Worm Update
-------------------------------------------------------------------
The "Slammer" virus is an Internet worm targeting un-patched Microsoft®
SQL Server 2000 and MSDE 2000 systems resulting in a high volume of
network traffic on both the Internet and private internal networks.
We recognize that our partners are on the front line helping their
customers manage this issue. This email provides crucial information and
resources you and your customers need to help protect systems from the
"Slammer" worm:
* Security bulletin answering frequently asked questions about the worm
http://www.microsoft.com/sql/techinfo/administration/2000/security/slammerbulletin.asp
* Updated patch download and technical bulletin
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-061.asp
* SQL Server 2000 SQL Scan Tool (SQL Scan)-identifies systems vulnerable
to the Slammer worm
http://www.microsoft.com/sql/downloads/securitytools.asp
* SQL Server 2000 service pack 3
http://www.microsoft.com/sql/downloads/2000/sp3.asp
* Ten ways to secure SQL Server
http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp
* Guidance for Independent Software Vendors (ISVs) shipping MSDE with
their products
http://www.microsoft.com/sql/techinfo/administration/2000/security/isvswithmsdes.asp
* General network security information
http://microsoft.com/security
* For details on all Microsoft product support, please visit
http://support.microsoft.com
------------------------------------------------------------------- To
our Technology Partners:
-------------------------------------------------------------------
On the evening of Friday January 24, 2003 Microsoft became aware of an
Internet attack that was causing a dramatic increase in network traffic
worldwide. We immediately began investigating the issue and learned that
a worm, named Sapphire or Slammer, was targeting computers running
Microsoft SQL ServerT 2000 and MSDE 2000 systems. We were quickly able
to determine that (a) the vulnerability was known and patches had
previously been made available, and (b) there was no data corruption on
customers' systems. The release of this worm is a criminal act, and we
are working with law-enforcement authorities to the fullest extent
possible. We understand this worm has caused business disruption and we
are committed to help our partners and their customers make sure their
networks are as secure as possible from development through deployment.
Since the release of this worm, Microsoft has worked around the clock to
pull together the information and resources necessary to help ensure
that customers are able to protect their affected systems. Complete
information is located at http://Microsoft.com/security. We have extra
staff on hand in Product Support to assist customers, and, of course,
all support calls related to this issue are free of charge.
The vulnerability that is exploited by this worm was first addressed by
a Microsoft security patch in July 2002 and in subsequent cumulative
patches, most recently in October 2002. In addition, as part of our
commitment to the secure in deployment goal of Trustworthy Computing
(TWC), we have re-released the latest security patch to include an
installer that makes it easier for system administrators to accelerate
installation.
Going forward, Microsoft will continue to invest in developing a more
secure and robust computing infrastructure as part of the Trustworthy
Computing initiative. We will also work with network administrators to
continue to improve our patch deployment process.
We realize that SQL Server is a critical component of our technology
partners' and their customers' enterprise infrastructures. As a result,
Microsoft recently executed a security push to proactively identify and
remove security flaws in SQL Server 2000. These updates were recently
delivered as part of SQL Server 2000 and MSDE 2000 Service Pack 3.
Security pushes like this are part of our commitment to delivering on
the vision of TWC by making our existing software more secure by design,
default and in deployment. As a result, we strongly recommend that you
evaluate and adopt SQL Server Service Pack 3.
Trustworthy Computing is a long-term process and this latest incident
reinforces both how reliant we are on the Internet and how much work
remains to deliver security against malicious attacks such as this. We
understand the importance of this issue and we continue to look for new
ways to deliver quality updates in a timely and easy-to-deploy manner.
You have our commitment that we will continue to work on this issue
until it is resolved. We thank you for your continued patience and
support.
For additional information please go to
http://www.microsoft.com/security
Or contact Microsoft product support, and your anti-virus vendor. Ways
to contact support can be found at http://support.microsoft.com
Microsoft Communities is your launching pad for communicating online
with peers and experts about Microsoft products, technologies, and
services: http://communities.microsoft.com/home/default.asp
~~~~~~~~~~~~~~~~~~~~~~~~~ How to use this mailing
list~~~~~~~~~~~~~~~~~~~~~~~~
To cancel your subscription to this newsletter, either click
mailto:1_43669_1FFCA68B-621B-D211-88BE-08002BB74F65_US@Newsletters.Microsoft.com?subject=UNSUBSCRIBE
to send an unsubscribe e-mail or reply to this message with the word
UNSUBSCRIBE in the Subject line. To stop all e-mail newsletters from
microsoft.com, either click
mailto:2_43669_1FFCA68B-621B-D211-88BE-08002BB74F65_US@Newsletters.Microsoft.com?subject=STOPMAIL
to send your request or reply to this message with the word STOPMAIL in
the Subject Line. You can also unsubscribe at
http://www.microsoft.com/misc/unsubscribe.htm. You can manage all your
Microsoft.com communication preferences from this site.
THIS DOCUMENT AND OTHER DOCUMENTS PROVIDED PURSUANT TO THIS PROGRAM ARE
FOR INFORMATIONAL PURPOSES ONLY. The information type should not be
interpreted to be a commitment on the part of Microsoft and Microsoft
cannot guarantee the accuracy of any information presented after the
date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED
'AS IS' WITHOUT WARRANTY OF ANY KIND. The user assumes the entire risk
as to the accuracy and the use of this document. microsoft.com
newsletter e-mail may be copied and distributed subject to the following
conditions: 1. All text must be copied without modification and all
pages must be included 2. All copies must contain Microsoft's copyright
notice and any other notices provided therein 3. This document may not
be distributed for profit