We aren't a Microsoft SQL Server shop, but we run Microsoft SQL Server Desktop Edition (MSDE) 2000 on some of our production servers. I've heard that we might be vulnerable to SQL Slammer. Are we? And if so, how can we protect ourselves?
A common misconception is that only SQL Server 2000 machines are vulnerable to SQL Slammer. But MSDE 2000 is based on the same code as SQL Server 2000, so MSDE 2000 also is vulnerable.
The SQL Slammer worm was so effective in part because many systems administrators failed to patch their systems long after the original discovery of the vulnerability that the virus exploits. To be fair, applying the applicable updates wasn't a particularly easy task. Microsoft listened to customer complaints about that fact and has since developed several tools to help systems and database administrators update their SQL Server 2000 installations. For additional information about these tools, see the tools' accompanying documentation or read the Microsoft article "Overview of the SQL 2000 Critical Update Wizard" (http://support.microsoft.com/?kbid=814372). You can download these tools from Microsoft's Web site at http://www.microsoft.com/sql/downloads/securitytools.asp, then use them to protect yourself.