January 30, 2003 at 10:07 am
For:
Windows XP, SP1
SQL Server 2000, SP2
The hotfix for the worm that hit last weekend is here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
I downloaded the hot fix. According to directions, I stopped SQL Server. SQL Server Agent was already stopped. I copy the new ssnetlib.dll in the appropriate directory. I'm told to copy over ssnetlib.plb as well, but this file does not exist on my system. I make my best guess where it belongs, but it has no affect on the results.
I bring SQL Server back online. I start Query Analyzer and try to log in. It doesn't. I reverse the changes, and QA is fine.
I'm not sure what I'm doing wrong.
The recommended change for the worm is to install SP3. Unfortunately, the merge module files for MSDE must be obtained from MS. If getting the SP3 merge modules was anything like getting the SP2 merge modules, we have a long fight ahead of us. If we can't get them this time, we won't be able to upgrade to SP3.
Steve Miller
Steve Miller
January 30, 2003 at 10:12 am
According to
http://www.sqlservercentral.com/columnists/bknight/sapphirevirus.asp
I need version 2000.800.636 or later. My version, as displayed by @@version, is 2000-8.00.194. I'm assuming at this point that I first need to install some other patch(es).
Steve Miller
Steve Miller
January 30, 2003 at 10:23 am
Doh!
When I was on the SP3 beta team, I ran into a problem, and reinstalled SQL Server. I never applied SP2.
OPEN Mouth
INSERT Foot
Steve Miller
Steve Miller
January 30, 2003 at 11:15 am
That would do it. Just as a reminder to anyone who would be patching... SP2 is required to apply these hot fixes. We had to bring up servers that were RTM and SP1 in a hurry. Waiting on third-party vendors to certify sucks. We had to go without "official word" in some cases.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
January 30, 2003 at 4:25 pm
For anyone listening...
It appears this patch is cumulative, including the latest for the worm:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-061.asp
Once I installed this, the ssnetlib.dll from this patch was newer than the one provided by the worm patch.
The URL above points to this site for downloads:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech
According to this, the patch was wrapped in an installer. I haven't found that to be the case. Maybe it's just me, but I ended up doing a lot of manual work. If we end up going this way I either have to find out what's up with this phantom installer, or I'll end up writing a program to automate it.
Hopefully we can get those merge module files, and I can bypass this mess.
Steve Miller
Steve Miller
January 30, 2003 at 4:37 pm
In the first link you posted:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-061.asp
There's a section in the upper right portion of the bulletin text labeled "Get the Patch" with a drop down menu with "Choose a language" showing. When you choose the language you want, you'll see the download dialog box to get the hot fix and installer. For instance, if you select English, you should be prompted to download:
8.00.0686_enu_installer.exe
HTH.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
January 31, 2003 at 9:55 am
We had some weird MSDE installations that would not patch. Wouldn't install SP2. We had an MS engineer on site and they said that for the Worm, you can just copy over the ssnetlib.dll, v .679. You can get this from the ms0-61 download.
Not sure how to verify, but were told this by 2 MS engineers.
Steve Jones
January 31, 2003 at 11:17 am
>> Wouldn't install SP2. We had an MS engineer on site and they said that for the Worm, you can just copy over the ssnetlib.dll, v .679.
I wonder. We've been using SP2 on both development and MSDE for some time now. Also, when I was trying to use just the worm patch (ssnetlib.dll v.679) on my full install, it failed, as I wrote in a previous message.
Seems to verify, you would merely follow the instructions in the readme. Or is your MSDE install offsite?
Steve Miller
Steve Miller
January 31, 2003 at 3:04 pm
MSDE is in house, but a custom strange install. The installer fails for SP2, so we just copied over the DLL. Doesn't seem to be a way to verify it is patched other than you don't get infected.
Steve Jones
January 31, 2003 at 3:07 pm
A lot of people have been having problems with the MSDE service packs. We had problems here.
As far as scanning, start MSDE up and use SQL Retina from eEye, it should show whether or not it's patched by just copying the files.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply