YORK-ANNOUNCE-L Archives

York U. announcements list - READ ONLY

YORK-ANNOUNCE-L@YORKU.CA
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
MS-SQL "saphine/slammer" worm
From:
Chris Russel <[log in to unmask]>
Reply To:
Chris Russel <[log in to unmask]>
Date:
Sat, 25 Jan 2003 13:30:49 -0500
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (26 lines) 
Network connectivity at York (and around the world) has been affected by a
new MS-SQL worm which spread rapidly starting sometime early this morning.

Several servers at York have been affected and have been isolated from the
network.

Preliminary analysis of the worm shows it is RAM-resident only and a
simple reboot will clear an infected system, although patches must be
applied to prevent rapid re-infection - affected servers should
disable the MS-SQL service temporarily, reboot, patch, and only then
re-enable the service.

MS technet advisory and patch:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp

MS-SQL service pack 3 will also patch the hole.

CNS will also be blocking the affected network port (1434/udp) to prevent
incoming attacks from outside York.

--
Chris Russel
Manager, CNS Information Security
York University, Toronto, Canada
[log in to unmask]

ATOM RSS1 RSS2