Responding to the rapid spread of the Slammer worm through a software vulnerability in its SQL Server 2000 database product, Microsoft has posted pre-release versions of a number of utilities that can ferret out systems that are susceptible to Slammer.
The tools posted to Microsoft's Web site include:
- SQL Scan, which can scan a computer, network domain or range of IP addresses and identify instances of SQL Server 2000 or the Microsoft SQL Server Desktop Engine (MSDE) 2000 that are vulnerable to Slammer.
- SQL Check, which can scan an individual computer running most flavors of the Windows operating system for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to Slammer. For later versions of Windows, such as NT 4.0, Windows 2000 and Windows XP, SQL Check can also disable the vulnerable services.
- SQL Critical Update, which can scan a computer running Windows NT 4.0, Windows 2000 or Windows XP, identify vulnerable instances of SQL Server 2000 and MSDE 2000, and automatically patch the vulnerable files, removing the threat posed by Slammer.
The tools were provided "as is" by Microsoft and all are "under continuing development", according to information posted on the company's Web site. Some of the tools - such as SQL Scan and SQL Critical Update - are not supported on all of Microsoft's current operating systems.
While Microsoft's tools will be welcome news for network administrators - even in a prerelease state - they are not the first such tools on the market.
UK-based computer security company Next Generation Security Software (NGSS) updated its scanning tool, Typhon II, in July to test for the Slammer vulnerability, NGSS co-founder David Litchfield said.
Litchfield first identified the SQL Slammer vulnerability.
Unfortunately, many SQL Server administrators only patched known vulnerabilities after a new worm or virus that exploited them was already circulating, Litchfield said.
"People buy Microsoft products and throw them on their network," he said. "These people are not informed about security or don't think about it. So it's only really when things are reported in the popular press that people take notice."
While the new Microsoft tools may help administrators patch for Slammer, there were other known vulnerabilities in SQL Server and other Microsoft products that, like Slammer, enabled attackers to take control of critical systems without needing to supply login or password information, Litchfield said.
Administrators should be searching their network for those vulnerabilities as well if they didn't want to fall victim to the next Slammer-like threat, Litchfield said.
As the world's largest software maker, Microsoft has come under scrutiny for security vulnerabilities in its widely used products.
The recent Slammer worm took advantage of one such security hole and the ubiquity of Microsoft's SQL Server database software to become the fastest-spreading computer virus ever, according to a study conducted by the Cooperative Association for Internet Data Analysis (CAIDA) and other organisations.
The study claims the number of machines infected with Slammer doubled roughly every 8.5 seconds in the first minutes of the outbreak. This was more than 250 times faster than Code Red, which hit in mid-2001 and had a doubling time of 37 minutes.