I've mirrored the appropriate patches to the UVM software archive:
 
http://www.uvm.edu/software/distribution/windows/patches_upgrades/sql2000/
 
Slammer takes advantage of the following vulnerability:
 
http://www.microsoft.com/technet/security/bulletin/MS02-039.asp 
Q323875_SQL2000_SP2_en.exe addresses this issue if you have MS SQL Server SP2.
 
SQL Server SP3 is cummulative and doesn't require installation of previous service packs.
 
sql2ksp3.exe   ( database components )
sql2kasp3.exe  ( analysis services)
 
Enjoy,
--Geoff
 
 
 
----- Original Message -----
From: "Geoffrey Duke" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Saturday, January 25, 2003 11:05 AM
Subject: MS SQL Server Security (was Network Issues: 2003-01-25)

> Microsoft's SQL Server security resources:
>
>
http://www.microsoft.com/sql/techinfo/administration/2000/security.asp
>
> --Geoff
>
> > We have tracked at least part of the problem to what appears to be an SQL
> > worm attacking on UDP port 1434 which enacted what looks like a DOS attack
> > on the firewall.
>