Thread: All DBAs Read this. SQL Worm

  1. #1
    Join Date
    Sep 2002
    Location
    Fantasy
    Posts
    4,254

    All DBAs Read this. SQL Worm

    worm attack on SQL Servers 1434 port.

    Read the links below.

    http://www.cert.org/advisories/CA-2003-04.html


  2. #2
    Join Date
    Nov 2002
    Posts
    84
    Standard Hotfix Installation Steps
    ===================================

    1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you successfully install SQL Server 2000 Service Pack 2.

    2. Shut down the Microsoft SQL Server and SQL Server Agent services.

    3. Make a back up copy of the ssnetlib.dll files from the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files from the <installation path for this SQL Server instance>\Binn\dll folder.

    4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files into <installation path for this SQL Server instance>\Binn\Exe folder.

    5. Start the Microsoft SQL Server and SQL Server Agent services.

    6. Test the scenario for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

    7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.


    Hotfix Installation Steps for SQL Server 2000 Enterprise Edition with Clustering Enabled
    =======================================

    1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you successfully install SQL Server 2000 Service Pack 2.

    2. Navigate to a node of the cluster where the SQL Server instance is currently not running.

    3. Make a back up copy of the ssnetlib.dll files from the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files if they exist from the <installation path for this SQL Server instance>\Binn\Dll folder.

    4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files into the <installation path for this SQL Server instance>\Binn\Dll folder.

    5. Failover the SQL Server instance to the node in which the new binaries are now installed.

    6. Test the scenario for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

    7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.

    8. After you verify the hotfix, repeat steps 1 through 3 on the remaining nodes in the cluster.

  3. #3
    Join Date
    Nov 2002
    Location
    Chesapeake, VA
    Posts
    104
    I applied the HotFix and I expected my version to change when I ran Select @@version but it did not. Should it change? Has anyone else experienced this or did I do something wrong? The version referenced in the instructions for the Hot Fix was 8.00.0636. The version stayed at 8.00.534

    Sidney Ives

  4. #4
    Join Date
    Sep 2002
    Location
    Fantasy
    Posts
    4,254
    Is it clustered?

    Make sure you install on the right folders.

  5. #5
    Join Date
    Nov 2002
    Location
    Chesapeake, VA
    Posts
    104
    No it's not clustered. I'm very certain that I applied to the correct folders. I applied it to a test server. I'll apply to another to see if the same issue occurs there.

    Sidney Ives

  6. #6
    Join Date
    Sep 2002
    Location
    Fantasy
    Posts
    4,254
    Did you recycle the box?

  7. #7
    Join Date
    Sep 2002
    Posts
    5,938
    Did you apply SP2 before that? The fix is for post-SP2.

  8. #8
    Join Date
    Nov 2002
    Location
    Chesapeake, VA
    Posts
    104
    SP2 had already been applied. It's been applied for some time. I tried it on another server with the same results. When applying the fix, I did it with a .bat file. See the contents below. Since we're just swapping a .dll do you think that the version is not being updated?

    REM Start .bat file
    REM Stop the Agent first, then the SQL Server service
    Net Stop SQLServerAgent
    Net Stop MSSQLSERVER

    REM Keep the old DLL, then copy in the hotfix files
    Rename "E:\Program Files\Microsoft SQL Server\MSSQL\BINN\ssnetlib.dll" old_ssnetlib.dll
    Copy E:\SQL2KSSP2_PATCH\Ssnetlib.dll "E:\Program Files\Microsoft SQL Server\MSSQL\BINN\"
    Copy E:\SQL2KSSP2_PATCH\Ssnetlib.pdb "E:\Program Files\Microsoft SQL Server\MSSQL\BINN\Exe"

    Net Start MSSQLSERVER
    Net Start SQLServerAgent
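
Added example, not part of any post in this thread and not Microsoft's own script: the manual file swap from the standard hotfix steps (2 through 5), narrowed to ssnetlib.dll, with a check that confirms the swap by file hash independently of what Select @@version reports. The parameter names and the backup file name are assumptions; the service names are the ones used in the .bat file above.

```powershell
# Added example. Requires PowerShell 4 or later (Get-FileHash).
# -BinnDir:   the instance's Binn folder (hypothetical parameter name)
# -HotfixDir: folder where the hotfix archive was extracted (hypothetical)
param(
    [Parameter(Mandatory = $true)][string]$BinnDir,
    [Parameter(Mandatory = $true)][string]$HotfixDir
)
$ErrorActionPreference = 'Stop'
$dll    = Join-Path $BinnDir   'ssnetlib.dll'
$newDll = Join-Path $HotfixDir 'ssnetlib.dll'
$backup = "$dll.$(Get-Date -Format yyyyMMddHHmmss).bak"

function Get-Sha256([string]$Path) {
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}

# Check both files exist before touching any service.
foreach ($p in $dll, $newDll) {
    if (-not (Test-Path $p)) { throw "Missing file: $p" }
}

# Step 2: stop the Agent first, then the SQL Server service.
Stop-Service -Name 'SQLServerAgent'
Stop-Service -Name 'MSSQLSERVER'
try {
    # Step 3: back up the current file so the step 7 rollback stays possible.
    Copy-Item -Path $dll -Destination $backup
    "Before: file version $((Get-Item $dll).VersionInfo.FileVersion)"

    # Step 4: copy in the hotfix binary.
    Copy-Item -Path $newDll -Destination $dll -Force

    # Verify by content: the installed file must hash the same as the
    # file shipped in the hotfix archive.
    if ((Get-Sha256 $dll) -ne (Get-Sha256 $newDll)) {
        throw "ssnetlib.dll in $BinnDir does not match the hotfix copy"
    }
    "After:  file version $((Get-Item $dll).VersionInfo.FileVersion)"
}
catch {
    # Same restore as step 7: put the backed-up file back on failure.
    if (Test-Path $backup) { Copy-Item -Path $backup -Destination $dll -Force }
    throw
}
finally {
    # Step 5: restart the services in reverse order.
    Start-Service -Name 'MSSQLSERVER'
    Start-Service -Name 'SQLServerAgent'
}
```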

  9. #9
    Join Date
    Sep 2002
    Location
    Montreal
    Posts
    86
    If the worm affects only the Resolution Service, then how does it affect a SQL Server that runs on a machine alone (as the main and only instance)?

    Dim

  10. #10
    Join Date
    Nov 2002
    Posts
    84
    Hi Guys,

    Microsoft again re-released the patch with the updated one within 24 hours. It is self installable. Please go for that. It doesn't have any problems and gives a version with 8.00.679 after you run the patch.


    To check whether your server has the worm or not, please go to http://securityresponse.symantec.com...oval.tool.html
    and extract FixSqlex.exe and run the file.

    The servers with a default instance (only one instance) have no worm, especially if you have port 1434 blocked and virus definitions are set on those servers.

    Thanks,
    Anu

  11. #11
    Join Date
    Sep 2002
    Location
    Montreal
    Posts
    86
    Tried to download the file
    http://securityresponse.symantec.com...r/FixSqlex.exe

    It says "File Not Found"

    Dim

  12. #12
    Join Date
    Nov 2002
    Location
    Chesapeake, VA
    Posts
    104
    Since I applied the Hot fix I'm receiving a warning in the EventLog. The text is below. Anybody have a clue?
    SuperSocket info: (SpnRegister) : Error 1355.

    I applied the Fix manually then backed it out after learning of the version with the install file. I used the new version but I get the same problem. I've done this on two servers and I'm reluctant to roll it to production without understanding/resolving this issue. No errors appear in the SQL Error Log.

    Sidney Ives

  13. #13
    Join Date
    Sep 2002
    Location
    Fantasy
    Posts
    4,254
    Here are some links that you can look at. I believe this is just a warning message.

    Did you recycle the box?

    http://dbforums.com/t581826.html

    http://members.fortunecity.com/digis...C2P56A3299.htm

    http://support.lyris.com/db/10/10941.html


  14. #14
    Join Date
    Nov 2002
    Posts
    84
    Go to
    http://securityresponse.symantec.com
    You can see the first URL as W32.SQLExp.Worm.

    Select the URL.

    Scroll down to the end of the page, and there you can see the "click here" URL

    under the heading removal instructions.


    http://securityresponse.symantec.com...oval.tool.html
