Microsoft Special Bulletin for Technology Partners : ''Slammer'' Worm Update.

Published by

The "Slammer" virus is an Internet worm targeting un-patched Microsoft® SQL Server 2000 and MSDE 2000 systems resulting in a high volume of network traffic on both the Internet and private internal networks. We recognize that our partners are on the front line helping their customers manage this issue. This email provides crucial information and resources you and your customers need to help protect systems from the "Slammer" worm The "Slammer" virus is an Internet worm targeting un-patched Microsoft® SQL Server 2000 and MSDE 2000 systems resulting in a high volume of network traffic on both the Internet and private internal networks. We recognize that our partners are on the front line helping their customers manage this issue. This email provides crucial information and resources you and your customers need to help protect systems from the "Slammer" worm: href="http://www.microsoft.com/sql/techinfo/administration/2000/security/slammerbulletin.asp" target="_blank">Security bulletin answering frequently asked questions about the worm Updated patch download and technical bulletin SQL Server 2000 SQL Scan Tool (SQL Scan)?identifies systems vulnerable to the Slammer worm SQL Server 2000 service pack 3 Ten ways to secure SQL Server Guidance for Independent Software Vendors (ISVs) shipping MSDE with their products General network security information For details on all Microsoft product support, please visit http://support.microsoft.com. To our Technology Partners: On the evening of Friday January 24, 2003 Microsoft became aware of an Internet attack that was causing a dramatic increase in network traffic worldwide. We immediately began investigating the issue and learned that a worm, named Sapphire or Slammer, was targeting computers running Microsoft SQL ServerT 2000 and MSDE 2000 systems. We were quickly able to determine that (a) the vulnerability was known and patches had previously been made available, and (b) there was no data corruption on customers' systems. The release of this worm is a criminal act, and we are working with law-enforcement authorities to the fullest extent possible. We understand this worm has caused business disruption and we are committed to help our partners and their customers make sure their networks are as secure as possible from development through deployment. Since the release of this worm, Microsoft has worked around the clock to pull together the information and resources necessary to help ensure that customers are able to protect their affected systems. Complete information is located at http://Microsoft.com/security. We have extra staff on hand in Product Support to assist customers, and, of course, all support calls related to this issue are free of charge. The vulnerability that is exploited by this worm was first addressed by a Microsoft security patch in July 2002 and in subsequent cumulative patches, most recently in October 2002. In addition, as part of our commitment to the secure in deployment goal of Trustworthy Computing (TWC), we have re-released the latest security patch to include an installer that makes it easier for system administrators to accelerate installation. Going forward, Microsoft will continue to invest in developing a more secure and robust computing infrastructure as part of the Trustworthy Computing initiative. We will also work with network administrators to continue to improve our patch deployment process. We realize that SQL Server is a critical component of our technology partners' and their customers' enterprise infrastructures. As a result, Microsoft recently executed a security push to proactively identify and remove security flaws in SQL Server 2000. These updates were recently delivered as part of SQL Server 2000 and MSDE 2000 Service Pack 3. Security pushes like this are part of our commitment to delivering on the vision of TWC by making our existing software more secure by design, default and in deployment. As a result, we strongly recommend that you evaluate and adopt SQL Server Service Pack 3. Trustworthy Computing is a long-term process and this latest incident reinforces both how reliant we are on the Internet and how much work remains to deliver security against malicious attacks such as this. We understand the importance of this issue and we continue to look for new ways to deliver quality updates in a timely and easy-to-deploy manner. You have our commitment that we will continue to work on this issue until it is resolved. We thank you for your continued patience and support. For additional information please go to http://www.microsoft.com/security, or contact Microsoft product support, and your anti-virus vendor. Ways to contact support can be found at http://support.microsoft.com. ---------------------------------------------------------- THIS DOCUMENT AND OTHER DOCUMENTS PROVIDED PURSUANT TO THIS PROGRAM ARE FOR INFORMATIONAL PURPOSES ONLY. The information type should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND. The user assumes the entire risk as to the accuracy and the use of this document. microsoft.com newsletter e-mail may be copied and distributed subject to the following conditions: All text must be copied without modification and all pages must be included All copies must contain Microsoft's copyright notice and any other notices provided therein This document may not be distributed for profit