Worm.Slammer
Description
This indicates an attempt by the SQL Slammer worm to exploit a buffer-overflow vulnerability in Microsoft SQL Server.
The vulnerability results from the the way that Microsoft SQL servers process input on the SQL Server Resolution Service on port 1434. By sending a specially crafted UDP packet, a remote attacker can execute arbitrary code on a vulnerable system. The SQL Slammer worm takes advantage of this to spread through local networks and the Internet. The worm first scans rapidly for vulnerable systems, and it is this scanning activity that has degraded service across the entire Internet.
Affected Products
MS SQL 2000 server.
Impact
System compromise: Remote code execution, worm infection
Recommended Actions
Apply the latest SQL Server patches from Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS02-039.mspx
Block external access to the Microsoft SQL service on port 1433 and 1434.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2022-03-03 | 20.269 |