Yes, I have successfully infected an MSDE 2000 system in my test lab. Since MSDE is installed with a number of Microsoft and other products, I believe that many people will not even know they are running MSDE, and of course would not have patched it. Trent. -----Original Message----- From: twhiteat_private [mailto:twhiteat_private] On Behalf Of terry white Sent: Monday, January 27, 2003 12:01 AM To: Marc Maiffret Cc: Incidents Subject: Re: SQL Sapphire Worm Analysis on "1-25-2003" "Marc Maiffret" writ: : SQL Sapphire Worm Analysis : : Systems Affected: : Microsoft SQL Server 2000 pre SP 2 ... it seems to me, i've read that the M$ 'desktop engine' a.k.a. "DE" is vulnerable to this exploit in some way. in fact, it seems like the DE was affected where MS-SQL not running ... -- ... i'm a man, but i can change, if i have to , i guess ... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 15:25:59 PST