« Anti-DMCA Group Splits Off from Linux User Group in NYC | Main | Microsoft at War with Open Source at Pentagon »

Worm Targets Insecure Installations of Microsoft SQL Server

CNET News.com reports that a new worm is targeting Microsoft SQL Server and can successfully take servers over that are not configured according to the installation instructions. According to the article, "If the software hasn't been patched with a fix released by Microsoft in late April and has no password on the administrator account, then the server is vulnerable."


Further research into the problem indicates that SQL Servers can be protected simply by ensuring that the administrative password has been changed from the factory default.


As is the case with many network worms, the biggest problem with this software will probably turn out to be a huge increase in network traffic, as successfully installed copies of the worm try to locate other vulnerable systems. It would be a good idea to review firewall rules to ensure that incoming traffic from the Internet to TCP port 1433 is blocked to all servers and workstations.

Posted by Dave Aiello on May 22, 2002 7:51 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About CTDATA

CTDATA Venutures (CTDATA) develops Internet and Intranet applications for corporations and non profit organizations. Our services include:

  • Consulting services for Movable Type and TypePad-based publishing systems (visit our Weblog Improvement website for more information),
  • Financial services business process consulting,
  • Content management system and knowledge management system consulting,
  • Apache web server engineering and hosting,
  • MySQL, Sybase, and Microsoft SQL Server architecture and development,
  • SOAP, REST, and XML-RPC system architecture and programming, including Amazon Web Services and
  • Weblog publishing.
For more information, contact Dave Aiello by email at dave [at] daveaiello.com or call him at +1-267-352-4420.

CTDATA Services

Categories

Archives

Subscribe to this blog's feed
[What is this?]
Copyright © 1995-2010, CTDATA Ventures. All Rights Reserved.
Powered by
Movable Type 4.25