MORE INFORMATION

The SQL Server 2000 security tools help update editions of SQL Server 2000 and SQL Server Desktop Engine (also known as MSDE 2000) that are vulnerable to the Slammer worm. SQL Server 2000 Evaluation editions can be updated with the SQL Critical Update, but do not support SQL Server 2000 Service Pack 3 (SP3). MSDE 2000 is included with several Microsoft products, including Microsoft Office XP. For a list of products that include MSDE 2000, visit the following Microsoft Web site:

Microsoft products that include MSDE 2000

Microsoft has developed a wizard for the home and the small business user that steps you through the process of checking and updating your computer. Enterprise customers may also use and deploy the wizard to their internal customers. Visit the following Microsoft Web site to obtain the wizard:

SQL Server 2000 Critical Update Wizard

The SQL Critical Update Wizard is also included in the SQL Critical Update Kit package.

Note: In some circumstances, you may experience difficulties extracting the files from the SQL Critical Update Kit package if your computer has more than 4 GB of free space on your hard disk. For more information, see the following article in the Microsoft Knowledge Base:

The details of the tools included in the SQL Critical Update Kit are as follows:

SQL Critical Update

SQL Critical Update scans the computer where it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm, and it updates the affected files. SQL Critical Update runs on Microsoft Windows 98, Microsoft Windows Millennium Edition, Microsoft Windows NT 4.0, Microsoft Windows 2000, and Microsoft Windows XP. SQL Critical Update is supported in a clustered environment.

Instances of SQL Server 2000 with Service Pack 2 (SP2) and security patch MS02-039, MS02-043, MS02-056, or MS02-061, or instances with SQL Server 2000 SP3, or later, are not vulnerable. Computers that are running SQL Server 7.0, or earlier, are not vulnerable.

Restrictions

• SQL Critical Update must be run on the local computer.
• SQL Critical Update will fix vulnerabilities that it discovers; it cannot be used to just disable an instance of SQL Server.
• SQL Critical Update does not install SQL Server 2000 SP3. It only updates vulnerable files.
• SQL Critical update will only fix MSDE installations that are the same language as the SQL Critical Update language that you are running.
• The user who is running SQL Critical Update must have permission to replace SQL Server files in the Program folder.
• SQL Critical Update works only if the Ssnetlib.dll file exists for each instance of SQL Server that is being fixed.
• SQL Critical Update must target the active node to work in a clustered environment.

For more information, see the Readme file.

SQL Scan

SQL Scan (Sqlscan.exe) scans an individual computer, a Windows domain, or a range of IP addresses for instances of SQL Server 2000 and MSDE 2000, and identifies instances if they might be vulnerable to the Slammer worm. SQL Scan runs on Windows 2000, or higher, and can identify instances of SQL Server 2000 and MSDE 2000 that are running on Windows NT 4.0, Windows 2000, or Windows XP (Professional).

Instances of SQL Server 2000 with Service Pack 2 (SP2) and security patch MS02-039, MS02-043, MS02-056, or MS02-061, or instances with SQL Server 2000 SP3, or later, are not vulnerable. Computers that are running SQL Server 7.0, or earlier, are not vulnerable.

SQL Scan does not locate instances of SQL Server that are running on Windows 98, Windows Millennium Edition, or Windows XP (Home). SQL Scan does not detect instances of SQL Server that were started from the command prompt.

Note In some circumstances, a shutdown of an infected instance of SQL Server might not complete successfully. You might have to use system management tools to end an infected process.

SQL Scan enumerates all instances of SQL Server 2000 and SQL Server 2000 Desktop Edition (MSDE 2000) across a network. SQL Scan requires one of the following items as input:

• A domain
• A range of IP addresses
• A single computer name

SQL Scan must be run with domain administrator credentials when it is used to scan remote computers. Otherwise, you must be an administrator on the local computer.

SQL Scan will not return a conclusive result if either the Ssnetlib.dll or the Sqlservr.exe file has been renamed. If these files have been renamed, it is best to change the names back to their original name.

SQL Scan identifies vulnerable SQL Server instances on clustered computers, but does not disable them. You must manage instances of SQL Server manually.

For more details, see the Readme file.

SQL Check

SQL Check scans the computer where it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm. SQL Check also identifies vulnerable SQL Server 2000 clusters, but does not disable them. SQL Check runs on Windows 98, Windows Millennium Edition, Windows NT 4.0, Windows 2000 and Windows XP. On computers that are running Windows NT 4.0, Windows 2000, or Windows XP, it stops and disables the SQL Server and the SQL Server Agent services. On computers that are running Windows 98 or Windows Millennium Edition, it identifies vulnerable instances but does not stop or disable any services.

Instances of SQL Server 2000 with Service Pack 2 (SP2) and security patch MS02-039, MS02-043, MS02-056, or MS02-061, or instances with SQL Server 2000 SP3, or later, are not vulnerable. Computers that are running SQL Server 7.0, or earlier, are not vulnerable.

For more details, see the Readme file.

SMS Deployment Tool

This tool provides a SQLFIX.SMS file that you can use to create a package in SMS to deploy SQL Server Critical Update.

Servpriv.exe

If you are running SQL Server 2000 Service Pack 2 (SP2) or MSDE 2000 SP2, and you have already applied SQL Critical Update, you must also run the Servpriv.exe utility that is included in this package to set the appropriate user rights on the corresponding service registry keys. This utility was first released in Microsoft Security Bulletin MS02-043.
Servpriv.exe automatically runs with SQL Critical Update 3.0 and the new SQL Critical Update Wizard available in the latest SQL Critical Update Kit. If you are applying SQL Critical Update for the first time, you do not have to run Servpriv.exe separately.

For more details, see the Readme_ServPriv.txt file.

SQL Server Critical Update Wizard

The SQL Critical Update Wizard will walk you through the steps of detecting the vulnerability and updating the affected files. The SQL Critical Update Wizard runs on Windows 98, Windows Millennium Edition, Windows NT 4.0, Windows 2000 and Windows XP.
Note: If you want to install SQL Critical Update on a cluster, use the SQL Critical Update tool instead of the wizard.
For more information about this wizard, see the following article in the Microsoft Knowledge Base:

Note: You must have Windows Installer 1.1 to run the SQL Critical Update Wizard on Windows 98, Windows Millennium Edition, or Windows NT 4.0.

For Windows NT 4.0, visit this Microsoft Web site:

Windows Installer 2.0 Redistributable for Windows NT 4.0 and 2000

For Windows 98 or Windows Millennium Edition, visit this Microsoft Web site: Windows Installer 2.0 Redistributable for Windows 9X

How to Obtain

To download these tools, visit the following Microsoft Web site:

SQL Server 2000 Security Tools

Applying Critical Update to Clusters

Critical Update automatically enumerates each virtual server and updates all instances on the node that is running Critical Update.

To run Critical Update on a cluster with one virtual server:

To run Critical Update on a cluster with multiple virtual servers, use these steps:

1. Move the groups that contain all SQL Server resources to a single node.
2. Run Critical Update on that node.

Moving all the groups that contain SQL Server resources to a single node is an optional step to make it easier to run Critical Update. If you cannot move all the groups that contain SQL Server resources to a single node, run Critical Update on each active node to make sure that each virtual server is patched.