ms02-039



matchstich
07-09-2005, 10:53 PM
my av caught this, called it a virus, ms02-039 sql, thats all i can read of
the description, it came from source ip 220.104.2.137, protocol...udp
have no idea what that means

PA Bear
07-09-2005, 10:53 PM
Windows version?

AV app & versin?

And did you allow your AV to quarantine or delete it?
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

matchstich wrote:
> my av caught this, called it a virus, ms02-039 sql, thats all i can read
> of the description, it came from source ip 220.104.2.137, protocol...udp
> have no idea what that means

Imhotep
07-09-2005, 10:53 PM
PA Bear wrote:

> Windows version?
>
> AV app & versin?
>
> And did you allow your AV to quarantine or delete it?

This is a buffer overflow in MS-SQL (and one of the old ones at that). The
IP address info the OP gave is the IP address of the PC that tried to
compromise him. UDP is the protocol MS-SQL uses...

To the OP:
It is never a good idea to leave any MS product wide open to the Internet.
Please consider using a firewall and keeping your software up to date...

Check this:
http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx

-Im

matchstich
07-09-2005, 10:53 PM
i have a firewall, and and anti spyware, runnng xp-pro, sp2, and to be
honest , i have no idea what my av did with the deal, cept that this happens
once a week or so,

"Imhotep" wrote:

> PA Bear wrote:
>
> > Windows version?
> >
> > AV app & versin?
> >
> > And did you allow your AV to quarantine or delete it?
>
> This is a buffer overflow in MS-SQL (and one of the old ones at that). The
> IP address info the OP gave is the IP address of the PC that tried to
> compromise him. UDP is the protocol MS-SQL uses...
>
> To the OP:
> It is never a good idea to leave any MS product wide open to the Internet.
> Please consider using a firewall and keeping your software up to date...
>
> Check this:
> http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx
>
> -Im
>

matchstich
07-09-2005, 10:53 PM
another thing , im not running a server, i have a pc for home use.

"matchstich" wrote:

> i have a firewall, and and anti spyware, runnng xp-pro, sp2, and to be
> honest , i have no idea what my av did with the deal, cept that this happens
> once a week or so,
>
> "Imhotep" wrote:
>
> > PA Bear wrote:
> >
> > > Windows version?
> > >
> > > AV app & versin?
> > >
> > > And did you allow your AV to quarantine or delete it?
> >
> > This is a buffer overflow in MS-SQL (and one of the old ones at that). The
> > IP address info the OP gave is the IP address of the PC that tried to
> > compromise him. UDP is the protocol MS-SQL uses...
> >
> > To the OP:
> > It is never a good idea to leave any MS product wide open to the Internet.
> > Please consider using a firewall and keeping your software up to date...
> >
> > Check this:
> > http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx
> >
> > -Im
> >


ms02-039