Microsoft Visual FoxPro 7.0 with MSDE 2000 installed may be vulnerable to the Slammer worm (814373)


The information in this article applies to:

  • Microsoft Visual FoxPro for Windows 7.0
  • Microsoft SQL Server 2000 Desktop Engine (MSDE)
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

INTRODUCTION

This article explains how you can help protect your computer from the Slammer worm when you install Microsoft SQL Server 2000 Desktop Engine (MSDE 2000). When you install Microsoft Visual FoxPro 7.0, you may choose to manually install MSDE 2000. If you install MSDE 2000, you may be vulnerable to the Slammer worm. (The Slammer worm is also known as the Sapphire worm.) For more information about the Slammer worm, visit the following Microsoft Web site:

http://www.microsoft.com/security/slammer.asp

Note By default, MSDE 2000 is not installed when you install Visual FoxPro 7.0. To install MSDE 2000, you have to run a separate installation process.

MORE INFORMATION

How to help protect computers that have MSDE 2000 installed from the Slammer worm

You can help protect your computer from the Slammer worm by applying Microsoft SQL Server 2000 Service Pack 3 (SP3). To download the service pack, visit the following Microsoft web site:

http://www.microsoft.com/sql/downloads/2000/sp3.asp

How to apply SQL Server 2000 SP3

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To apply SQL Server 2000 SP3 to the instances of MSDE 2000 that are installed on your computer, follow these steps:
  1. Identify the Product Code for the MSDE 2000 instance.
    • For the default instance of MSDE 2000
      1. Click Start, click Run, type regedit in the Open box, and then click OK.
      3. In Registry Editor, locate and then select the following registry key:

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Setup

      4. In the right pane of Registry Editor, double-click ProductCode. Note the string value in the Value data box. This value represents the Product Code.
      5. Click OK, and then quit Registry Editor.
    • For the named instance of MSDE 2000
      1. Click Start, click Run, type regedit in the Open box, and then click OK.
      2. In Registry Editor, locate and then select the following registry key:

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server

      3. In the Microsoft SQL Server key, locate and then select the registry key that represents the named instance of MSDE 2000.

        Note You may have multiple named instances of MSDE 2000 installed. Each named instance has a unique registry key.
      4. Locate and then select the Setup key under the named instance key.
      5. In the right pane of Registry Editor, double-click the ProductCode key. Note the string value in the Value data box. This value represents the Product Code.
      6. Click Cancel, and then quit Registry Editor.
      Note If multiple named instances of MSDE 2000 exist, repeat steps b through e until you have identified the ProductCode string value of each named instance.
  2. Identify the Microsoft Windows Installer (.msi) file that corresponds to the Product Code that you noted in step 1. To do this, use the ProductCode to Original Package Name mapping table in the following Microsoft Knowledge Base article. This table lists the Original Package Name that corresponds to the ProductCode string.

    311762 How to identify which MSI file was used for an existing MSDE installation

    Note To apply SQL Server 2000 SP3, you must have the name of the Windows Installer file that was used to install the instance of MSDE 2000.
  3. Download SQL Server 2000 SP3 for Desktop Engine. To do this, follow these steps:
    1. Visit the following Microsoft Web site:

      http://www.microsoft.com/sql/downloads/2000/sp3.asp

    2. Select the language in the Full Download list, and then click Go.
    3. Locate the download link to the SQL2KDeskSP3.exe file. Click the download link to start the download.

      Note Non-English versions of the download are listed as languagecode_SQL2KDeskSP3.exe. In this example, languagecode represents the language version of the download.
    4. When you receive a prompt, save the file to your computer's Desktop.
  4. Extract the SQL Server 2000 SP3 setup files:
    1. On your computer's Desktop, double-click the Setup file.
    2. In the License Agreement dialog box, click I Agree to accept the License Agreement.
    3. In the Installation Folder dialog box, type c:\sql2ksp3 in the Installation Folder box, and then click Continue.

      Note If the C:\Sql2ksp3 folder does not exist, click Yes in the PackageForTheWeb dialog box.
  5. Run the Setup.exe program to apply SQL Server 2000 SP3 to an MSDE 2000 instance. To do this, follow these steps:
    1. Click Start, click Run, and then type the following command in the Open box:

      c:\sql2ksp3\msde\setup.exe /upgradesp c:\sql2ksp3\msde\setup\SqlRunXX.msi SECURITYMODE=SQL UPGRADEUSER=username UPGRADEPWD=password

      In this example, SqlRunXX.msi is the Windows Installer file that you identified in step 2. For example, this file may be named SqlRun01.msi.

      Note If multiple named instances of MSDE 2000 exist, repeat this step for each named instance.
    2. Click OK.

      Note If you type an incorrect Original Package Name while you are installing SQL Server 2000 SP3, you may receive the following error message:
      The instance name specified is invalid.
  6. Restart your computer.

REFERENCES

For more information about how to install SQL Server 2000 SP3 for MSDE 2000, see "SQL Server 2000 Service Pack 3 (SP3) ReadMe" at the following Microsoft Web site:

http://support.microsoft.com/kb/889551

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

306908 List of bugs fixed by SQL Server 2000 service packs

330022 SQL Server 2000 Service Pack 3 Readme.htm additions

810826 New switches in MSDE Service Pack 3 Setup

317328 How to troubleshoot a SQL Server Desktop Engine 2000 installation and upgrade

Modification Type:MajorLast Reviewed:8/7/2006
Keywords:kbUpgrade kbsetup kbinfo KbSECVulnerability kbSecurity KB814373 kbAudDeveloper kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.