As many of you are aware a fast-moving worm swept through the Internet late Friday and early Saturday night. In response to the worm, ITS blocked the affected tcp and udp (1433&34) ports at the Internet router.
We advise all agencies to follow the recommendations cited by the FBI's infrastructure protection group:
"There are a few things that need to be done other than just blocking 1433 and 1434. On top of that, if you are running MS Windows 2000 Server or 2000 Advanced Server, install Microsoft patch MS-02-039. As well, identify applications that have embedded SQL or MSDE (i.e. Visio Enterprise and several other MS applications). FYI - the patch does NOT work for MS NT4.0 Server.
You will not need to remove programs from your hard drives since this worm is apparently memory resident and does not write to disk; however, this also means that your anti-virus programs will not detect the worm. After installing the MS patch, you will need to reboot the system. Additionally, if you decide to shut down access to ports 1433 and 1434, if you have enough detailed information about your business or organization's needs, just shut down access to those ports from UNTRUSTED hosts - this will allow you to continue with normal operations that require SQL, and to block undesired traffic.
Note: Do not be surprised if you notice that you Intrusion Detection Systems have gone blind - this is an unfortunate side effect of the worm with some IDSs (too much traffic - sensors wigging out)."
If you have any questions please contact the ITS help desk and they will be able to put you in contact with the appropriate person.