Newsroom

Slammer Worm Update for Power Server 710
January 30, 2003

HISTORY 

The worm, dubbed "Slammer" or "Sapphire" by antivirus companies, first appeared early the morning of January 25, and attacks a vulnerability in Microsoft® SQL Server? 2000 databases and Microsoft SQL Server 2000 data engine software. The worm, which does not attack the average home computer or appear to harm database contents, results in a large amount of network traffic that slows down legitimate traffic. (PC World, 1/27/03). 

STATUS 

After extensive investigation, Square D/ Schneider Electric has determined that this worm affects only Version 2 of the POWERLOGIC Power Server 710. Version 1 and Version 3 are not affected and no action is recommended at this time. Complete details on how to determine what version of Power Server you are using and recommended courses of action are as follows:
 

  • Version 1 of the Power Server 710 uses Microsoft SQL version 7 MSDE database and is therefore not affected by this worm. No action is recommend.
     

  • Version 2 of the Power Server 710 uses Microsoft SQL 2000 MSDE database and implements a ?custom? TCP port for SQL that is not affected by the worm. However, this worm targets a fixed UDP port for SQL and therefore causes Version 2 of the POWERLOGIC Power Server to be affected through the UDP port. Please refer to required action below.
     

  • Version 3 of the Power Server 710 uses Microsoft SQL 2000 MSDE database, but like Version 2 implements a "custom" TCP port for SQL that is not affected by the worm. Prior to release of the Version 3 Power Server, Microsoft released a security patch for the fixed UDP port for SQL 2000. This security patch has been applied in the Version 3 Power Server, so this worm does not affect it. No action is recommend. 

    The Power Server version can be determined by either of the following methods: 

    a) Open a web browser and connect to the power server. The version will be displayed in the browser window.

    b) With the browser connected to the power server, "Click" on the Square D or MG logo on the upper right of the screen. An ?About? box will appear and show the power server's version. 

    REQUIRED ACTION     

    Slammer is resident in volatile memory of infected machines and is disabled by a simple reboot. However, if the POWERLOGIC Power Server remains connected to an infected network, it will immediately be re-infected when it restarts. To prevent re-infection, the network connection between the power server and the Ethernet network must be removed during the re-boot process. 

    Version 2 Power Servers require immediate action. POWERLOGIC engineering will release a self-extracting patch to facilitate applying the Microsoft Service Update to the Version 2 Power Servers. The patch will be available from the POWERLOGIC web site downloads area. Instructions for applying the patch will be included on the web site and will be available from POWERLOGIC Technical Support (615-287-3400). 

    WARNING: DO NOT attempt to load the Microsoft SQL 2000 Service Pack 3 directly to the Power Server. Loading this service pack can cause unrecoverable damage to the unit.