Network connectivity at York (and around the world) has been affected by a new MS-SQL worm which spread rapidly starting sometime early this morning. Several servers at York have been affected and have been isolated from the network. Preliminary analysis of the worm shows it is RAM-resident only and a simple reboot will clear an infected system, although patches must be applied to prevent rapid re-infection - affected servers should disable the MS-SQL service temporarily, reboot, patch, and only then re-enable the service. MS technet advisory and patch: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp MS-SQL service pack 3 will also patch the hole. CNS will also be blocking the affected network port (1434/udp) to prevent incoming attacks from outside York. -- Chris Russel Manager, CNS Information Security York University, Toronto, Canada [log in to unmask]