Re: MSDE contained in...

[Johan Augustsson <johan.augustsson () adm gu se>]

On Tue, Jan 28, 2003 at 04:12:29AM +0000, Tina Bird wrote:
> Chalk this all up to "things I wish I didn't know":  I've been amused and
> skeptical at the list of applications people have claimed include MSDE,
> that are therefore vulnerable to SQL Slammer.  In particular, I had a hard
> time believing that Visio used it.  Heck, I've got Visio, and I'm pretty
> sure it doesn't open any network connections.
>
> So I prowled around the Web, and found this:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/visio/Visio2002/maintain/vis_msde.asp
>
> MSDE is integrated with these Microsoft applications:
>
> Microsoft Visio 2000 Enterprise Edition AutoDiscovery & Layout (AD&L)
> solution
> AD&L solution from Microsoft Visio Enterprise Network Tools 2002
> Microsoft SharePoint Team Services (a Microsoft FrontPage Server
> Extensions 2002 companion product)
> Microsoft Project Central (a Microsoft Project 2000 companion product)
> Microsoft Application Center
>
> The following products ship MSDE on their product CD and can use MSDE as a
> database:
>
> Microsoft Access
> Microsoft Office 2000
> Microsoft Visual Studio 6.0
>
> --> Bleh.  I stand corrected.
>
> tbird

According to Microsoft, following products come with MSDE.

(From http://www.microsoft.com/technet/security/MSDEapps.asp)

1. Products that require an explicit selection to install MSDE:
# .NET Framework SDK
# ASP.NET Web Matrix
# BizTalk® Server 2002 Partner Edition
# Host Integration Server 2000
# Office XP Premium, Professional, Developer
# Project Server 2002
# Small Business Server 2000
# SQL Server 2000, Enterprise Edition, Developer Edition, Personal Edition (RTM, SP1, SP2)
# Visual FoxPro® 7.0 and 8.0 beta
# Visual Studio® Standard, Professional, Academic, Enterprise (.NET release only - not 6.0)
# Windows Enterprise Server 2003 RC1, only if UDDI is enabled
* Windows Server 2003 RC1, only if UDDI is enabled

2. Products that install MSDE by default:
* Application Center 2000 RTM, SP1, SP2
# Operations Manager 2000 RTM, SP1
# SharePoint^(TM) Team Services 2.0 beta

3. Products with the updated version of MSDE which includes SP3, and
   are therefore are not affected:
* Windows Enterprise Server 2003 RC2
* Windows Server 2003 RC2
       
If you don't know if MSDE 2000 is installed or not, do as follows:

   1. Right-click on the My Computer icon
   2. Select Manage
   3. Double-Click on Services and
   4. Double-Click Services 

  If MSSQLSERVER is in the list of services, the default
  instance of MSDE is installed on the machine. Other
  instances may exist, if they do they will be listed as
  MSSQL$**** (where stars indicate the name of the instance)



Johan Augustsson
--------------------------------------------------------------
Johan Augustsson           Phone: +46 (0)31 773 5361
Incident Response Team     Fax: +46 (0)31 773 1087
Göteborg University        E-mail: Johan.Augustsson () adm gu se
Sweden
--------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com