|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ivan Mason (ivan_at_OTAGO.AC.NZ)
Date: Sat Jan 25 2003 - 09:04:47 CST
Russ,
I have noted that two of the postings that you have allowed through to the
list allude that this 'worm vulnerability' affects pre SQL2K SP2?
Marc Maiffret [marc
EEYE.COM],
"Systems Affected: Microsoft SQL Server 2000 pre SP 2"
(Good analysis of the payload, all the same...)
Ben Koshy [benW3MEDIA.NET],
"Those SQL Servers running Service Pack 2 or Service Pack 3 (released Jan 17
with little/no notice from MS!) were immune to the worm."
I would just like to say again that: "We believe that MS SQL Server 2000 SP2
without the post SP2 security rollups would be vulnerable to this attack"
We have tested Q323875 and it does stop the 'worm vulnerability'.
Can we seek clarification regarding this: Is SQL2K with only SP2 safe?
It's getting to be a rather long night...
Regards Ivie..... :-)
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
TICSA - Anniversary Special - Limited Time
Become TICSA certified for just $221.25 US when you register before 3/31/03
with PROMO "TS0103" at www.2test.com. NO membership fees, certification
good for 2 years. Price for international delivery just $296.25 US, with
this offer. Offer cannot be combined with any other special and expires
3/31/03. Visit www.trusecure.com/ticsa for full details.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]