Re: W32/SQLSlammer

From: Chris Alliey (calliey@BELLATLANTIC.NET)
Date: 01/25/03

  • Next message: Russ: "W32/SQLSlammer - lessons learned"
    Date:         Sat, 25 Jan 2003 16:44:26 -0500
    From: Chris Alliey <calliey@BELLATLANTIC.NET>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ,

    Perhaps it is good to note that the patch for this worm was released by
    Microsoft in July of last year. A good SQL admin should have patched this
    hole months ago. Like previous worms, they are taking advantage of poor
    system administration. We all have issues keeping up with patches, and hot
    fixes, but I think this is good example of MS coming through with a fix long
    before it is exploited.

    Currently my company is only being hit by outside machines trying to exploit
    the vulnerability on our machines. All our production servers are covered
    with the MS Patch, but that isn't to say we won't find a couple users that
    installed SQL / MSDE themselves - and didn't patch their systems.

    Everyone is quick to jump on Microsoft when something goes wrong, here they
    did everything right - but nobody will say that. Yes it can be argued that
    the code shouldn't have had a fault - but give me the name of one piece of
    software that doesn't have a bug or two. The important thing is it was
    identified and resolved by the company months ago, and we are only feeling
    the pain of this because people didn't patch their systems.

    We (admins / engineers) need to step up and start taking the security of our
    systems a little more seriously.

    Thanks,

    Chris

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure Corporation
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    TICSA - Anniversary Special - Limited Time

    Become TICSA certified for just $221.25 US when you register before 3/31/03
    with PROMO "TS0103" at www.2test.com. NO membership fees, certification
    good for 2 years. Price for international delivery just $296.25 US, with
    this offer. Offer cannot be combined with any other special and expires
    3/31/03. Visit www.trusecure.com/ticsa for full details.

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



    Relevant Pages

    • Re: [Full-Disclosure] Potential Microsoft PCT worm (MS04-011)
      ... This advisory below however is not from Microsoft, ... Non of the people I talked this over see a worm yet, ... | to test and apply the patch widely. ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Security Alert: Unofficial IE patches appear on internet
      ... created by a vulnerability is as serious as this case and the available ... Microsoft will be inclined strongly against holding on to this patch. ... Microsoft often have patches ready but wait for the corporate known ...
      (Full-Disclosure)
    • Re: Homeland Security "Worm"
      ... I was being a little facetious, calling it a worm. ... I know I can delete cookies, but if Microsoft is co- ... >prevents it from booting or getting to the patch on the ... >> I generally trust Microsoft, ...
      (microsoft.public.security)
    • Re: RPC security error is restarting my comp
      ... Yesterday while having looked at the microsoft support ... Is the original problem actually the worm which I have ... >install the patch mentioned above. ... >It is suggested that you first download the patch to your ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Worm in Patch
      ... > I have just received a Patch for October 2004 in wqhich ... > Norton Anti Virus found a worm. ... Microsoft information in the hopes of garnering more victims. ... Information on Bogus Microsoft Security Bulletin Emails ...
      (microsoft.public.windowsxp.security_admin)