Windows Server 2003 RC1 and RC2 Users Who Have UDDI Services and MSDE 2000 Installed May Be Vulnerable to the Slammer Worm (814204)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition

SUMMARY

This article describes how users who have UDDI Services and Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) installed can protect their computers from the Slammer worm.

When you installed UDDI Services Database components with the Release Candidate 1 (RC1) or Release Candidate 2 (RC2) version of the products that are listed at the beginning of this article, you may have chosen to install MSDE 2000. If you installed MSDE 2000, you may be vulnerable to the Slammer worm. For more information about the Slammer worm, visit the following Microsoft Web site:

http://www.microsoft.com/security/slammer.asp


MORE INFORMATION

If you installed UDDI Services Database components and MSDE 2000, you can install SQL Server 2000 Service Pack 3 (SP3) to protect your computer against the Slammer worm.

How to Obtain and Install SQL Server 2000 SP3 for MSDE with UDDI Services Database Components

  1. Download SQL Server 2000 Desktop Engine SP3. To do so, visit the following Microsoft Web site:

    http://www.microsoft.com/sql/downloads/2000/sp3.asp

    Click your language in the Full Download list, click Go, and then click Sql2KDesksp3.exe.
  2. Double-click the SQL2KDeskSP3.exe file, and then extract the files to an installation folder. For example: C:\Sql2ksp3.
  3. Copy the Sqlrun.dat file from the i386 folder on the Windows Server 2003 CD-ROM to the Msde\Setup folder that is created in the folder to which you extracted the files in step 2. For example: C:\Sql2ksp3\Msde\Setup.
  4. Click Start, click Run, type cmd in the Open box, and then click OK.
  5. Type cd /d Sql2ksp3_folder\msde (where Sql2ksp3_folder is the path to the extracted service pack files), and then press ENTER.

    For example, type cd /d C:\Sql2ksp3\Msde, and then press ENTER.
  6. Type setup /upgradesp sqlrun instancename=uddi_instance_name blanksapwd=1 (where uddi_instance_name is the name of the UDDI Services instance to which you installed the UDDI Services Database components), and then press ENTER.

    For example, if your UDDI Services instance has the default name of "UDDI," type the following command, and then press ENTER:

    setup /upgradesp sqlrun instancename=uddi blanksapwd=1

    Note The UDDI Services instance name appears on the Database Connection tab in the Web site properties.

List of Bugs Fixed by SQL Server 2000 Service Packs

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

306908 INF: List of Bugs Fixed by SQL Server 2000 Service Packs

SQL Server 2000 SP3 Readme

To view the SQL Server 2000 ReadMe file, visit the following Microsoft Web site:

http://support.microsoft.com/kb/889551

SQL Server 2000 SP3 Readme Addendum

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

330022 INF: SQL Server 2000 Service Pack 3 Readme.htm Additions

Modification Type:MajorLast Reviewed:8/7/2006
Keywords:KbSECVulnerability kbSecurity kbinfo KB814204
©2004 Microsoft Corporation. All rights reserved.