SQL Server 2000 Desktop Engine default configuration null password vulnerability

　　Involving procedures:

SQL Server Desktop ENGINE,MSDE 1.0

　　Description:

Msde/sql Server 2000 Desktop Engine default configuration null password vulnerability

　　Detailed:

Microsoft SQL Server Desktop Engine (MSDE) is a product that Microsoft uses to provide database management services.

Microsoft SQL Server Desktop engine is a Microsoft-distributed database SQL SERVER2000 shared data engine.

Microsoft SQL Server Desktop Engine (MSDE) and SQL Server Desktop Engine default configurations have vulnerabilities that can cause remote attackers to access the database with administrator privileges.

Microsoft SQL Server Desktop Engine (MSDE) and SQL Server Desktop Engine default configuration their administrator password is NULL, remote attackers can exploit this vulnerability to access the database with administrator privileges.

There are already worms that exploit Microsoft SQL server and some derivative MSDE and SQL Server Desktop engine's default null password.

　　Affected Systems:

Microsoft SQL Server Desktop Engine
Microsoft MSDE 1.0

　　Solution:

Microsoft provides the following address reference for security settings for SQL:

* Q322336 how to:verify with the System Administrator Password by Using
Msd

* Q321081 Visio installation of MSDE creates an ' sa ', with a Blank
Password

Interim Solution:

Manually set the strong administrator password

　　Attack Method:

No valid attack code