Microsoft Corp., still scrambling to help customers glue their systems back together following the SQL Server “Slammer” worm, on Friday will put out a new version of tools designed to help users figure out whether theyre at risk. In addition, the company plans to put out a third version sometime next week.
There are three tools now posted on Microsofts site: SQL Scan, SQL Check and SQL Critical Update. The SQL Server 2000 Scan tool scans individual computers, Windows domains or IP address ranges for instances of SQL Server 2000 and MSDE 2000, identifying instances that may be vulnerable to Slammer. SQL Scan runs on Windows NT 4.0, Windows 2000 or Windows XP.
SQL Check also scans computers for instances of SQL Server 2000 and MSDE 2000, stopping and disabling SQL Server and SQL Agent services, but on Windows 98 and Windows ME, it does not stop vulnerable instances. SQL Critical Update scans computers for vulnerable instances and also automatically updates affected files. It doesnt run on Windows 95, Windows 98 or Windows ME.
The most important upgrade to all three tools is that interfaces will give users a clearer idea of whats going on, according to SQL Server Product Manager Sheryl Tullis. Before, it was “a little difficult” to tell when the patch was done installing, she said. Also, Microsoft has clarified error message language so that users will have less confusion following instructions, said Tullis, in Redmond, Wash. Microsoft also plans to address Windows 98 and ME in both Version 2 and 3 of the tools.
Version 3 will be geared to small-business users and those who have MSD on their systems but arent database administrators and therefore dont know how to install patches, Tullis said. This attempt to address the laborious installation process of SQL Server patches is the latest of a few similar moves by Microsoft, which addressed the problem by releasing an automatic installation version of the patch last weekend, when Slammer first struck. Version 3 will have an interface customized for non-DBAs lack of experience with patch installation, Tullis said.
Tullis said that the timing of the patch upgrades is deliberate in that Microsoft wants to give administrators time to patch systems over the weekend. “That way they dont have to take the systems down during critical business hours,” she said.
Microsoft also has long-term plans in place to address Slammer. Plans include re-releasing SQL Server 2000 packaged with Service Pack 3, which has been out since July but will now be available out of the box with the system it patches. This move is meant to address the catastrophic timing of the release of SP3, which came out the week before Slammer hit, giving DBAs insufficient time to install the patch.
“We dont want any confusion about where we want customers to be—current users or future users,” Tullie said. “Anybody who buys SQL Server 2000 will have SP3 right out of the box.” It will take “several months” before the two are packaged, she said.