I just got this message from the sans newsbyte, and thought it might interest some of you...
Reguarding the sql worm that has been attacking computers....
- - You may be vulnerable and not realize it. Access 2000, Visio Enterprise Network Tools, Microsoft Project Central, Visual Studio 6 (and possibly other development tools) all appear to have an embedded version of SQL server (with no password set for the "SA" account) as a default install. These tools are still being sold today, and we have no reason to believe new buyers are immune to the vulnerability. Even worse, other vendors have embedded the run-time version of SQL Server 7 in their products. Dell, for example, installed it inside its IT Assistant Version 6.0 product and does not install the software required to change the password. Compaq Insight Manager Version 7 and IBM Director Version 3.1 both use the runtime version of SQL Server. If someone tells you, "Microsoft fixed the problem," please point out to them that they may have been misinformed for a large segment of the user community.