Microsoft KB Archive/814514

= Overview of Version 3.0 of the SQL Server 2000 Security Tools =

Article ID: 814514

Article Last Modified on 2/22/2007

-

APPLIES TO


 * Microsoft SQL Server 2000 Service Pack 3a
 * Microsoft SQL Server 2000 Service Pack 1
 * Microsoft SQL Server 2000 Service Pack 2

-



SUMMARY
The three tools originally available for download -- SQL Server 2000 SQL Scan, SQL Check, and SQL Critical Update have been consolidated into a single download, the SQL Critical Update Kit.

The tools included in the SQL Critical Update Kit are as follows:
 * SQL Critical Update Wizard uses a GUI interface to walk users through the steps of inspecting and updating a computer.
 * SQL Scan locates vulnerable instances across a local network.
 * SQL Check locates and disables vulnerable instances of SQL Server.
 * SQL Critical Update applies a hotfix that eliminates vulnerability to the Slammer worm.
 * SMS Deploy enables the use of Systems Management Server (SMS) to deploy updates across an SMS-managed network.
 * ServPriv patches instances of SQL Server 2000 and MSDE 2000 that are running SQL Server 2000 SP2 or later.

The specifics for each tool are listed below:

SQL Critical Update Wizard
The SQL Critical Update Wizard is a new tool that walks users through the steps of inspecting and updating a computer. Enterprise customers can use the wizard and supply it to internal customers.

Version 1.0

 * SQL Critical Update Wizard not available.

Version 2.0

 * SQL Critical Update Wizard not available

Version 3.0

 * SQL Critical Update Wizard added to the SQL Critical Update Kit. This wizard replaces Update.bat.

Advantages of SQL Critical Update Wizard Version 3.0

 * Easy to use GUI interface for detecting and updating a computer.

Restrictions of SQL Critical Update Wizard Version 3.0

 * Must be logged on to the computer using an account with local Administrative privileges

SQL Scan
SQL Scan (Sqlscan.exe) locates instances of SQL Server 2000 and MSDE 2000 on Windows NT 4.0, Windows 2000, Windows XP (Professional), or later. SQL Scan scans an individual computer, a Windows Domain, or a specific range of IP addresses. In addition, SQL Scan identifies instances of SQL Server and MSDE 2000 that may be vulnerable to the Slammer worm and attempts to shut them down.

SQL Scan identifies vulnerable SQL Server instances on clustered machines, but does not disable them. Disabling and shutting down of SQL instances must be managed manually on these machines.

SQL Scan attempts to identify the MSDE product code and MSDE package code, if applicable to the instance being evaluated. You can find a list of recognized MSDE product codes from the following article in the Microsoft Knowledge base:

311762 INF: How to identify which MSI file was used for an existing MSDE installation

Version 1.0

 * SQL Scan released as a stand-alone tool.

Version 2.0

 * SQL Scan integrated into the SQL Critical Update Kit.
 * Added support for identifying, but not disabling, instances of SQL Server on a cluster.
 * Added the -c command-line switch to generate output in comma-separated values (CSV). This enables you to import the results of SQL Scan into a spreadsheet.
 * Improved reporting. All output modes now include a summary of scan results. You are no longer required to run SQL Scan with the /v (verbose) switch to obtain summary information.
 * Added more MSDE product codes so that SQL Scan can report the product code and the name of the package that installed MSDE.
 * Added platform support to enable SQL Scan to report the operating system of the computer where the instance is installed.

Version 3.0

 * When using the -m (computer) or -b (IP address) option with the -c or -v output options, the output includes the platform and version information for Windows 98 computers. This output has always been available with the -d (domain) option.
 * When using the -c option for CSV-formatted output, SQL Scan returns the full product and file version for Sqlservr.exe and Ssnetlib.dll. Previously this only occurred with the -v option.

Advantages of SQL Scan Version 3.0

 * Scans either a single computer or multiple computers and reports if it finds any vulnerable instances of SQL Server 2000.
 * Can scan all the computers in a domain, or all the computers within a range of IP network addresses.

Restrictions of SQL Scan Version 3.0

 * The minimum system requirement to launch SQL Scan is Windows 2000, so cannot be run locally on NT 4.0 systems
 * Will not detect instances on Win9X machines.
 * SQL Scan requires the user to be a domain administrator when it is used to target remote machines. Otherwise, you must be an administrator on the local machine.
 * SQL Scan does not locate instances of SQL Server that are running on Windows 98, Windows ME, Windows XP (Home). In addition, SQL Scan does not detect instances of SQL Server that were started from the command prompt.
 * SQL Scan will not return a conclusive result if either the Ssnetlib.dll or Sqlservr.exe files are renamed. You must name these files back to their original names before running the tool.
 * SQL Scan must be run against a computer attached to a network; stand-alone machines will run the tool, but will not report vulnerabilities – instance status will be reported as unknown or unreachable.

SQL Check
SQL Check (Sscheck.exe) locates and disables instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm. SQL Check identifies and reports the vulnerability of any instance of SQL Server 2000 or MSDE 2000 on Windows 98, Windows ME, Windows NT 4.0, Windows 2000, or Windows XP. SQL Check can only disable instances of SQL Server 2000 and MSDE 2000 on Windows NT 4.0, Windows 2000, or Windows XP. SQL Check also identifies vulnerable SQL Server 2000 clusters, but does not disable them.

SQL Check attempts to identify the MSDE product code and MSDE package code, if applicable, of the instance being evaluated. You can find a list of recognized MSDE product codes from the following article in the Microsoft Knowledge base:

311762 INF: How to identify which MSI file was used for an existing MSDE installation

Note Although SQL Check and SQL Critical Update can be run individually, it is recommended that you use these tools together by running the Update.bat file from the command line.

Version 1.0

 * SQL Check released as a stand-alone tool.

Version 2.0

 * SQL Check integrated into the SQL Critical Update Kit.
 * Added the /r switch for re-enabling instances after they have been patched. (The /r switch must be used with the /d switch.) The Update.bat (in 2.0 only) file uses the /d and /r switches to initially disable all vulnerable instances and then re-enable the instances after they have been patched.
 * Improved reporting. When you run SQL Check with the /v (verbose) switch, SQL Check provides information about the instance and product and about whether you need to run SQL Critical Update.

Version 3.0

 * No changes

Advantages of SQL Check Version 3.0

 * Supports older operating system versions, such as Windows 98 and Windows ME, that are not supported by SQL Scan.

Restrictions of SQL Check Version 3.0

 * Scans only a single computer for vulnerable instances of SQL Server 2000.
 * Can be run locally only (not remotely) regardless of Operating System.

SQL Critical Update
SQL Critical Update scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm, and either updates the affected files or temporarily disables the vulnerable instance. SQL Critical Update runs on Windows 98, Windows ME, Windows NT 4.0, Windows 2000 and Windows XP. SQL Critical Update is supported in a clustered environment.

Version 1.0

 * SQL Critical Update released as a stand-alone tool.

Version 2.0

 * SQL Critical Update integrated into the SQL Critical Update Kit.
 * Added support for applying the hotfix on the Windows 98 and Windows ME operating systems. Unattended hotfixes are not supported for version 2 on these operating systems.
 * Added support for applying the hotfix in clustered environments.
 * Improved reporting. If you run Update.bat (in 2.0 only) from a command prompt, results are written to the Command Prompt window. If you run SQL Critical Update by double-clicking SQLHotfix_ENU.exe, a dialog box shows the results.
 * Added the /q switch for running the tool without displaying progress. This switch is available only on Windows NT, Windows 2000, and Windows XP.

Version 3.0

 * Unattended installations on Windows 98 and Windows ME are supported. See the readme for additional details.
 * Runs the Servpriv patch on instances of SQL Server 2000 SP2 and MSDE 2000 SP2.

Advantages of SQL Critical Update Version 3.0

 * Upgrades an instance of SQL Server 2000 running service pack 2 to the latest security patch, MS02-061 to protect against all currently known vulnerabilities.
 * Can repair all instances of SQL Server 2000, regardless of service pack. (Note service pack 3 instances are not vulnerable, hence do not need to be repaired.)
 * Can repair all instances of MSDE 2000, regardless of service pack and regardless of whether or not the MSDE was installed as part of a custom installation. (Note service pack 3 instances are not vulnerable, hence do not need to be repaired.)

Restrictions of SQL Critical Update Version 3.0

 * SQL Critical Update must be run on the local machine.
 * SQL Critical Update will fix vulnerabilities that it discovers; it cannot be used to simply disable an instance of SQL Server.
 * SQL Critical Update does not install SP3. It only updates vulnerable files.
 * SQL Critical update will fix only MSDE installations that are the same language as the SQL Critical Update language you are running.
 * The user running SQL Critical Update must have permission to replace SQL Server files in the Program Directory.
 * SQL Critical Update works only if the ssnetlib.dll file exists for each instance of SQL Server being fixed.

SMS Deploy
SMS Deploy enables the use of Systems Management Server (SMS) to deploy updates across an SMS-managed network. SMS Deploy includes SQL Check and SQL Critical Update.

Version 1.0

 * SMS Deploy not available.

Version 2.0

 * SMS Deploy added to the SQL Critical Update Kit.

Version 3.0

 * Added //B option to WScript command in Sqlfix.sms to suppress error messages on client machines.
 * Added Windows 98 and Windows ME as supported clients in Sqlfix.sms.
 * Added the /d and /r command-line switches to the SQL Check command (Sscheck.exe). The /d switch disables vulnerable instances, and the /r switch sets a flag to re-enable the instance after patched.
 * Included the SQL Check return value in status message. Status codes are explained in the SQL Check readme file.
 * Changed code to verify that SQL Check is available at the SMS distribution point. If SQL Check is not available the message &quot;Unable to find sscheck.exe.&quot; If SQL Check returns either code 1 or 2, the appropriate SQL Critical Update package is invoked (based on language ID ).

Advantages of SMS Deploy Version 3.0

 * Provides ability to automate a method for detecting and repairing many machines.

Restrictions of SMS Deploy Version 3.0

 * Must have SMS client agents on each machine for which you need to detect and repair.

ServPriv
ServPriv applies a permissions-related patch on instances SQL Server 2000 SP2 and MSDE 2000 SP2. This is the same patch that is available from the following Microsoft Knowledge Base article:

322853 FIX: SQL Server grants unnecessary permissions or an encryption function contains unchecked buffers

Version 1.0

 * ServPriv.exe only available via Microsoft Knowledge Base article

Version 2.0

 * ServPriv integrated into the SQL Critical Update Kit. In version 2, you must run this patch separately.

Version 3.0

 * The SQL Critical Update tool runs Servpriv.exe on instances of SQL Server 2000 SP2 and MSDE 2000 SP2. You no longer need to run this patch individually

Update.bat
Update.bat was a batch file used in Version 2.0 of the package which ran SQL Check and SQL Critical Update. This batch file has been removed and replaced with the SQL Critical Update Wizard.

Version 1.0

 * Update.bat not available.

Version 2.0

 * Update.bat added to the SQL Critical Update Kit.

Version 3.0

 * Removed from the SQL Critical Update Kit and replaced with the SQL Critical Update Wizard.



MORE INFORMATION
Below is a list of frequently asked questions regarding the SQL Critical Update Kit:

Q: How do I apply the critical update to a clustered SQL Server?

A: Critical Update automatically enumerates each virtual server and updates all instances on the node running Critical Update. You can run Critical Update with one virtual server or multiple virtual servers.

To run Critical Update on a cluster with one virtual server

Run Critical Update on the node that owns the SQL Server resource. Critical Update patches all nodes that are possible owners of the virtual server.

To run Critical Update on a cluster with multiple virtual servers
 * 1) Move the groups that contain all SQL Server resources to a single node.
 * 2) Run Critical Update on that node.

Moving all the groups that contain SQL Server resources to a single node is an optional step to make it easier to run Critical Update. If you cannot move all the groups that contain SQL Server resources to a single node, run Critical Update on each active node to ensure each virtual server is patched.

Q: What is the most common SEQUENCE OF USE for these tools if the update.bat file is not being used?

A: Customers are most likely to run the following sequence:
 * 1) Run SQL Scan or SQL Check to identify vulnerable servers
 * 2) Run SQL Critical Update to patch the infected server
 * 3) Run SQL Scan or SQL Check again to verify the infected server is now clean

Q: How do I enable and disable SQL Server on Windows ME or Windows 98?

A: Microsoft Windows Me and Windows 98 do not have a component that corresponds to Window NT or Windows 2000 services. The Microsoft SQL Server database engine and SQL Server Agent run as executable programs on Windows Me and Windows 98. These SQL Server components cannot be started as services automatically. They can be started by placing a command prompt command in the Windows Me or Windows 98 StartUp group, but then they run as a separate Microsoft MS-DOS window.

Additionally, SQL Server Service Manager can create shortcuts in the Windows Me or Windows 98 StartUp group that use the Service Control Manager utility (Scm.exe) to start the SQL Server database engine. When the Auto-start service when OS starts check box is selected in SQL Server Service Manager for an instance of SQL Server, Service Manager places a shortcut in the StartUp group. For the default instance, the name of the shortcut is SQL Server. For a named instance, the name of the shortcut is SQL Server Instance Instance_Name, where Instance_Name is the name of the instance. To disable the SQL Server database engine and SQL Server Agent from starting, you must temporarily remove these shortcuts from the StartUp group. For safety purposes, you should also temporarily remove the Service Manager shortcut.

To disable SQL Server and SQL Server Agent from starting automatically when the Windows Me or Windows 98 operating system restarts:
 * 1) Click Start, and then click Run.
 * 2) Type msconfig in the dialog box, then press Enter.
 * 3) Click the Startup tab.
 * 4) Deselect each checkbox in the list that starts with Auto Start SQL Server.
 * 5) Deselect the Service Manager checkbox.
 * 6) Click Close.
 * 7) Click Restart on the next dialog box to restart the system.

The shortcuts will be moved to a group named Disabled.

If you disabled SQL as part of running the scan, you must re-enable it to install SQL Server 2000 Service Pack 3 (SP3). Follow these steps to do so on a Windows Me or Windows 98 system:
 * 1) Click Start, and then click Run.
 * 2) Type msconfig in the dialog box, then press Enter.
 * 3) Click the Startup tab.
 * 4) Select each checkbox in the list that starts with Auto Start SQL Server.
 * 5) Select the Service Manager checkbox.
 * 6) Click Close.
 * 7) Click Restart on the next dialog box to restart the system.

Q: What happens when the tools encounter an older instance of SQL Server (version number lower than 2000)?

A: All tools will correctly skip SQL instances lower than version 2000 and will not report an error.

Q: The original release of the tools reported a SQL instance with the Microsoft Security Bulletin MS02-039 patch as vulnerable. Do the current release of the tools correct this problem?

A: Yes. The current versions of SQL Scan and SQL Check will correctly report that instances with the Microsoft Security Bulletin MS02-039 patch are not vulnerable to the slammer virus. However, they will recommend running SQL Critical Update to protect against additional vulnerabilities. SQL Critical Update will install Microsoft Security Bulletin MS02-061 to an instance with the MS02-039 patch.

Keywords: KB814514

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.