On Tue, Jan 28, 2003 at 04:12:29AM +0000, Tina Bird wrote: > Chalk this all up to "things I wish I didn't know": I've been amused and > skeptical at the list of applications people have claimed include MSDE, > that are therefore vulnerable to SQL Slammer. In particular, I had a hard > time believing that Visio used it. Heck, I've got Visio, and I'm pretty > sure it doesn't open any network connections. > > So I prowled around the Web, and found this: > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/visio/Visio2002/maintain/vis_msde.asp > > MSDE is integrated with these Microsoft applications: > > Microsoft Visio 2000 Enterprise Edition AutoDiscovery & Layout (AD&L) > solution > AD&L solution from Microsoft Visio Enterprise Network Tools 2002 > Microsoft SharePoint Team Services (a Microsoft FrontPage Server > Extensions 2002 companion product) > Microsoft Project Central (a Microsoft Project 2000 companion product) > Microsoft Application Center > > The following products ship MSDE on their product CD and can use MSDE as a > database: > > Microsoft Access > Microsoft Office 2000 > Microsoft Visual Studio 6.0 > > --> Bleh. I stand corrected. > > tbird > According to Microsoft, following products come with MSDE. (From http://www.microsoft.com/technet/security/MSDEapps.asp) 1. Products that require an explicit selection to install MSDE: # .NET Framework SDK # ASP.NET Web Matrix # BizTalk® Server 2002 Partner Edition # Host Integration Server 2000 # Office XP Premium, Professional, Developer # Project Server 2002 # Small Business Server 2000 # SQL Server 2000, Enterprise Edition, Developer Edition, Personal Edition (RTM, SP1, SP2) # Visual FoxPro® 7.0 and 8.0 beta # Visual Studio® Standard, Professional, Academic, Enterprise (.NET release only - not 6.0) # Windows Enterprise Server 2003 RC1, only if UDDI is enabled * Windows Server 2003 RC1, only if UDDI is enabled 2. Products that install MSDE by default: * Application Center 2000 RTM, SP1, SP2 # Operations Manager 2000 RTM, SP1 # SharePoint^(TM) Team Services 2.0 beta 3. Products with the updated version of MSDE which includes SP3, and are therefore are not affected: * Windows Enterprise Server 2003 RC2 * Windows Server 2003 RC2 If you don't know if MSDE 2000 is installed or not, do as follows: 1. Right-click on the My Computer icon 2. Select Manage 3. Double-Click on Services and 4. Double-Click Services If MSSQLSERVER is in the list of services, the default instance of MSDE is installed on the machine. Other instances may exist, if they do they will be listed as MSSQL$**** (where stars indicate the name of the instance) Johan Augustsson -------------------------------------------------------------- Johan Augustsson Phone: +46 (0)31 773 5361 Incident Response Team Fax: +46 (0)31 773 1087 Göteborg University E-mail: Johan.Augustssonat_private Sweden -------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 09:07:00 PST