1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

SQL Server 2000 Security Tools: Feb 7

Discussion in 'Virus & Other Malware Removal' started by eddie5659, Feb 10, 2003.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    36,380
    Hiya

    The three tools previously available for download on this page -- SQL Server 2000 SQL Scan, SQL Check, and SQL Critical Update -- have been consolidated into a single download, the SQL Critical Update Kit. The SQL Critical Update Kit also includes an SMS deployment tool and the Servpriv.exe utility.

    NOTE: In some circumstances you may experience difficulties extracting the files from the SQL Critical Update Kit package if your computer has more than 4 GB free on your hard drive. See Microsoft Knowledge Based Article - 301913.

    The details of the tools included in the SQL Critical Update Kit are as follows:

    SQL Critical Update:
    SQL Critical Update scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm, and updates the affected files. SQL Critical Update runs on Windows 98, Windows ME, Windows NT 4.0, Windows 2000 and Windows XP. SQL Critical Update is supported in a clustered environment.

    Instances of SQL Server 2000 with Service Pack 2 (SP2) and security patch MS02-039, MS02-043, MS02-056, or MS02-061, or instances with SP3 or later, are not vulnerable. Computers running SQL Server 7.0 and earlier are not vulnerable.

    Restrictions:
    * SQL Critical Update must be run on the local machine.
    * SQL Critical Update will fix vulnerabilities that it discovers; it cannot be used to simply disable an instance of SQL Server.
    * SQL Critical Update does not install SP3. It only updates vulnerable files.
    * SQL Critical update will fix only MSDE installations that are the same language as the SQL Critical Update language you are running.
    * The user running SQL Critical Update must have permission to replace SQL Server files in the Program Directory.
    * SQL Critical Update works only if the ssnetlib.dll file exists for each instance of SQL Server being fixed.

    NOTE: If you have installed Microsoft Security Bulletin MS02-039, both SQL Scan and SQL Check will incorrectly report that you are vulnerable to the Slammer worm. If you are not sure that you have installed the necessary security patches to protect yourself from the Slammer worm, you can check the version of the ssnetlib.dll file in your \MSSQL\BINN folder and confirm that it is version 8.00.636 or later. However, Microsoft strongly recommends that you apply the security patch described in MS02-061 because this patch contains additional fixes that are described in the MS02-061 Security Bulletin.

    For additional details refer to the readme file.

    SQL Scan:
    SQL Scan (Sqlscan.exe) scans an individual computer, a Windows domain, or a range of IP addresses for instances of SQL Server 2000 and MSDE 2000, and identifies instances that may be vulnerable to the Slammer worm. SQL Scan runs on Windows 2000 or higher and can identify instances of SQL Server 2000 and MSDE 2000 running on Windows NT 4.0, Windows 2000, or Windows XP (Professional).

    Instances of SQL Server 2000 with Service Pack 2 (SP2) and security patch MS02-039, MS02-043, MS02-056, or MS02-061, or instances with SP3 or later, are not vulnerable. Computers running SQL Server 7.0 and earlier are not vulnerable.

    SQL Scan does not locate instances of SQL Server that are running on Windows 98, Windows ME, or Windows XP (Home). SQL Scan does not detect instances of SQL Server that were started from the command prompt.

    NOTE: In some circumstances, shutdown of an infected SQL Server instance may not complete successfully. You may need to use system management tools to terminate an infected process.

    SQL Scan requires one of the following items as input:

    1) A domain

    2) A range of IP addresses

    3) A single machine name

    SQL Scan must be run with domain administrator privileges when it is used to scan remote machines. Otherwise, you must be an administrator on the local machine.

    SQL Scan will not return a conclusive result if either the ssnetlib.dll or sqlservr.exe file has been renamed. If these files have been renamed, you should change the names back to their original name.

    SQL Scan identifies vulnerable SQL Server instances on clustered machines, but does not
    disable them. Disabling and shutting down of SQL Server instances must be managed manually.

    For additional details refer to the readme file.

    SQL Check:
    SQL Check scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm. SQL Check also identifies vulnerable SQL Server 2000 clusters, but does not disable them. SQL Check runs on Windows 98, Windows ME, Windows NT 4.0, Windows 2000 and Windows XP. On computers running Windows NT 4.0, Windows 2000 and Windows XP, it stops and disables the SQL Server and SQL Agent services. On computers running Windows 98 and Windows ME it identifies vulnerable instances but does not stop or disable any services.

    Instances of SQL Server 2000 with Service Pack 2 (SP2) and security patch MS02-039, MS02-043, MS02-056, or MS02-061, or instances with SP3 or later, are not vulnerable. Computers running SQL Server 7.0 and earlier are not vulnerable.

    For additional details refer to the readme file.

    SMS Deployment Tool:
    This tool provides a SQLFIX.SMS file that you can use to create a package in SMS to deploy SQL Server Critical Update.

    Servpriv.exe:
    If you are running SP2 of SQL Server 2000, in addition to applying the patches included in the critical update utility, you must also run the servpriv.exe utility that is included in this package to set the appropriate user rights on the corresponding service registry keys. This utility was first released in the Microsoft Security Bulletin MS02-043. See the readme_ServPriv.txt file for additional details.

    DISCLAIMER OF WARRANTIES
    SQL Scan and SQL Check are considered pre-release software and are not at the level of performance and compatibility of final, generally available product offerings. MICROSOFT IS PROVIDING THE SQL CRITICAL UPDATE KIT AS IS AND WITH ALL FAULT, AND HEREBY DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY (IF ANY) IMPLIED WARRANTIES, DUTIES OR CONDITIONS OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF RELIABILITY OR AVAILABILITY, OF ACCURACY OR COMPLETENESS OF RESPONSES, OF RESULTS, OF WORKMANLIKE EFFORT, OF LACK OF VIRUSES, OF LACK OF NEGLIGENCE. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE SQL CRITICAL UPDATE KIT.


    System Requirements
    Supported Operating Systems: Windows 2000, Windows 98, Windows ME, Windows NT, Windows XP



    http://www.microsoft.com/downloads/...3b-04eb-4af9-9e24-6cde4d933600&DisplayLang=en

    Regards

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/118133

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice