New Internet Worm Targets MS-SQL Server 2000

New Internet Worm Targets MS-SQL Server 2000 Early this last weekend, IET network staff noticed a slowdown on the campus network. This slowdown continued to grow through the evening and following morning. The source of the problem was ultimately traced to what is now referred to as the MS-SQL Server Worm or SQL Slammer Worm. This self-propagating worm exploits vulnerabilities in MS-SQL Server 2000. An infected computer will generate network traffic via port 1433/1434 as it randomly searches for other computers to exploit. According to Microsoft and security vendors, administrators should verify that all computers running MS-SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000 have received security patches. Microsoft recommends the following two MS-SQL patches be reviewed and applied: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-039.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-061.asp If you run computers with MS SQL Server 2000 or MSDE, please verify immediately that the above patches are applied. We understand that Service Pack 3 for MS-SQL Server 2000 also includes the necessary patches. This infection underscores the need for system administrators to maintain an aggressive security patch program and, if possible, disable unneeded services.