Microsoft has responded to the rapid spread of the Slammer worm through a software vulnerability in its SQL Server 2000 database by posting pre-release versions of utilities that can ferret out susceptible systems.
The tools include:
SQL Scan, which can scan a computer, network domain or range of IP addresses and identify instances of SQL Server 2000 or the Microsoft SQL Server Desktop Engine (MSDE) 2000 that are vulnerable to Slammer.
SQL Check, which can scan an individual computer running most flavours of the Windows operating system for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to Slammer. For later versions of Windows, such as NT 4.0, Windows 2000 and Windows XP, SQL Check can also disable the vulnerable services.
SQL Critical Update, which can scan a computer running Windows NT 4.0, Windows 2000 or Windows XP, identify vulnerable instances of SQL Server 2000 and MSDE 2000 and automatically patch the vulnerable files, removing the threat posed by Slammer.
The tools were provided "as is" by Microsoft and all are "under continuing development," according to the company's Web site. In addition, some of the tools, such as SQL Scan and SQL Critical Update, are not supported by all of Microsoft's current operating systems.
While the release will be welcome news for network administrators -- even in a pre-release state -- the tools are not the first on the market.
U.K.-based computer security company Next Generation Security Software (NGSS) updated its scanning tool, Typhon II, in July to test for the Slammer vulnerability, according to David Litchfield, co-founder of NGSS and the person who first identified the SQL Slammer vulnerability.
Unfortunately, many SQL Server administrators are slow to patch known vulnerabilities, acting only after a new worm or virus that exploits them is already circulating, according to Litchfield.
"People buy Microsoft products and throw them on their network. These people are not informed about security or don't think about it. So it's only really when things are reported in the popular press that people take notice," Litchfield said.
While the new Microsoft tools may help administrators patch for Slammer, there are other known vulnerabilities in SQL Server and other Microsoft products that, like Slammer, enable attackers to take control of critical systems without needing to supply login or password information, according to Litchfield.
Administrators should be searching their network for those vulnerabilities, he added.