Microsoft KB Archive/814052

= Visio Enterprise Network Tools installed with MSDE 2000 may make your computer vulnerable to the Slammer worm =

Article ID: 814052

Article Last Modified on 11/24/2006

-

APPLIES TO


 * Microsoft Visio 2002 Professional Edition
 * Microsoft Visio Enterprise Network Tools

-



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
Microsoft Visio Enterprise Network Tools (VENT) includes an AutoDiscovery and Layout solution. To install this functionality, you must first install the SQL Server Desktop Engine (also known as MSDE 2000) included on the VENT CD-ROM. After you install MSDE 2000, your computer may be vulnerable to the Slammer worm. For more information about the Slammer worm, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/alerts/slammer.mspx

NOTE: MSDE 2000 is not installed in any default installation configuration of VENT. To install MSDE 2000, you must run a separate installation process.

This article describes how VENT users who manually installed MSDE 2000 can help protect their computers from the Slammer worm.



MORE INFORMATION
To help protect your computer from the Slammer worm, use one of the following methods.

Method 1: Run the SQL Critical Update Wizard to Update the Affected Files
For additional information about the SQL Critical Update Wizard, click the following article number to view the article in the Microsoft Knowledge Base:

814372 Overview of the SQL 2000 Critical Update Wizard

Method 2: Install SQL Server 2000 SP3
Identify the Windows Installer file (.msi) that was used to install MSDE 2000, download and install the SQL Server 2000 Service Pack 3, and then make sure that your System Administrator (SA) account has a strong password. The following steps explain this process in detail.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.  Right-click the MSSQL icon on your Microsoft Windows taskbar, and then click Exit to stop the MSDE service. Identify the .msi file that was used to install your instance of MSDE 2000.

To do this, follow the steps according to your instance of MSDE 2000.

Default instance  Click Start, and then click Run. In the Open box, type Regedit, and then click OK. Locate and then select the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Setup

 In the right pane of the Registry Editor window, double-click ProductCode. In the Value data box, note the string value. Click OK, and then close Registry Editor.</li></ol>

Named instance <ol style="list-style-type: lower-alpha;"> Click Start, and then click Run.</li> In the Open box, type Regedit, and then click OK.</li> Locate and then select the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\

</li> In the Microsoft SQL Server key, locate and select the registry key that represents the first named instance of MSDE 2000.

NOTE: It is possible to install multiple named instances of MSDE 2000. Each named instance will have a unique registry key located in the Microsoft SQL Server key.</li> Locate and then select the Setup key.</li> In the right pane of the Registry Editor window, double-click ProductCode. In the Value data box, note the string value.</li> If multiple named instance of MSDE 2000 exist, repeat steps b through e until you have identified the ProductCode string value of each named instance.</li> Click OK, and then close Registry Editor.</li></ol> </li> Click the following Microsoft Knowledge Base article, and then use the table in the article to identify the original patch package name that corresponds with the ProductCode or ProductCodes strings that were identified in the pervious steps. (For example, “SqlRun01.msi”):

311762 INF: How to Identify Which MSI File Was Used for an Existing MSDE Installation

</li> (Optional) Identify the language that was used to install the instance of MSDE 2000 on your computer. To do this, use the following steps according to your instance of MSDE 2000.

NOTE: This step is only necessary if you are not sure which language was used to install MSDE 2000. If you are confident that you know what language was used to install MSDE 2000, skip this step.

Default instance <ol style="list-style-type: lower-alpha;"> Click Start, and then click Run.</li> In the Open box, type Regedit, and then click OK.</li> Locate and then select the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion\

</li> In the right pane of the Registry Editor window, double-click Language. In the Edit DWORD Value dialog box, click Decimal, and then in the Value data box, note the DWORD value.</li> Click OK, and then close Registry Editor.</li></ol>

Named instance <ol style="list-style-type: lower-alpha;"> <li>Click Start, and then click Run.</li> <li>In the Open box, type Regedit, and then click OK.</li> <li>Locate and then select the following registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\

\MSSQLServer\CurrentVersion

where  is a named instance of MSDE 2000.</li> <li>In the right hand of the Registry Editor window, double-click Language. In the Edit DWORD Value dialog box, click Decimal, and then in the Value data box, note the DWORD value.</li> <li>Click OK.</li> <li>If multiple named instance of MSDE 2000 exist, repeat steps b through d until you have identified the Language DWORD value of each named instance.</li> <li>Close Registry Editor.</li></ol>

Use the Language DWORD value to identify the language that was used to install MSDE 2000 on your computer. To do this, use the following table:

</li> <li>Download SQL Server 2000 Service Pack 3.

To do this: <ol style="list-style-type: lower-alpha;"> <li>Visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=90dcd52c-0488-4e46-afbf-acace5369fa3&DisplayLang=en

</li> <li>Select the language that matches your version of MSDE 2000 from the Full Download box on the right side of your screen, and then click Go.</li> <li>Locate the download link to the SQL2KDeskSP3.exe file, and then click the download link to start the download.

NOTE: Non-English versions of the download will be listed as  _SQL2KDeskSP3.exe.

Where  represents the language version of the download.</li> <li>When prompted, save the file to your Windows Desktop.</li></ol> </li> <li>Install SQL Server 2000 Service Pack 3.

To do this: <ol style="list-style-type: lower-alpha;"> <li>In Windows Explorer, double-click the SQL Server 2000 Service Pack 3 download that you previously saved to your desktop.</li> <li>Click I Agree, to accept the License Agreement.</li> <li>In the Installation Folder box, type C:\sql2ksp3, and then click Continue.</li> <li>Click Start, click Run, and then type the following command in the Open box

C:\sql2ksp3\msde\setup.exe /upgradesp C:\sql2ksp3\msde\setup\ BLANKSAPWD=1

where  is the .msi file identified in step 2. (e.g. SqlRun01.msi)</li> <li>Click OK.

NOTE: When installing SQL Server 2000 Service Pack 3, if you do not enter the correct original package name, you will receive the following error message:

The instance name specified is invalid

</li></ol> </li> <li>Restart your computer, and then log on as the Administrator to the local computer.</li> <li>When your computer restarts, make sure that the MSDE 2000 service is currently running on your computer.

To do this: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type sqlmangr.exe in the Open box, and then click OK.</li> <li>In the Server box, select the MSDE instance that you just patched.</li> <li>In the Services box, click SQL Server.</li> <li>Click Start/Continue.</li></ol> </li> <li>Run the sp_password stored procedure to set the SA password.

To do this: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type cmd in the Open box, and then click OK.</li> <li>At the command prompt, type the appropriate command according to your instance of MSDE 2000, and then press ENTER.

Default instance type:

osql -E

NOTE: This command connects you to the local, default instance of MSDE 2000 by using the SA account.

Named instance type:

Osql –S \  –E

where  is the name of the server and   is the instance name of MSDE 2000.</li> <li>Type the following commands (including single quotes) on separate lines, pressing ENTER after each line.

sp_password NULL, ‘ ’, ‘sa’

go

quit

where  is your new SA password.</li> <li>Close the Command console.</li></ol> </li></ol>

<div class="references_section">