CVE-2000-1209

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2000 SQL Server 7.0 Data Engine (MSDE) 1.0 Tumbleweed Secure Mail (MMS) Compaq Insight Manager Visio 2000

Description The issue allows remote attackers to gain privileges due to the default null password of the sa account. This has been exploited by worms such as Voyager Alpha Force and Spida.

Recommendations For Microsoft SQL Server 2000, update the sa account password to a secure value. For SQL Server 7.0, change the default sa account password. For Data Engine (MSDE) 1.0, modify the sa account to use a non-null password. For Tumbleweed Secure Mail (MMS), Compaq Insight Manager, and Visio 2000, ensure that the underlying SQL server components have secure sa account passwords configured.