Re: W32/SQLSlammer

• Previous message: Jonathan Boarman: "Re: why the SQL patch didn't prevent this worm"
• In reply to: Russ: "Re: W32/SQLSlammer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Sat, 25 Jan 2003 16:44:26 -0500
From: Chris Alliey <calliey@BELLATLANTIC.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Russ,

Perhaps it is good to note that the patch for this worm was released by
Microsoft in July of last year. A good SQL admin should have patched this
hole months ago. Like previous worms, they are taking advantage of poor
system administration. We all have issues keeping up with patches, and hot
fixes, but I think this is good example of MS coming through with a fix long
before it is exploited.

Currently my company is only being hit by outside machines trying to exploit
the vulnerability on our machines. All our production servers are covered
with the MS Patch, but that isn't to say we won't find a couple users that
installed SQL / MSDE themselves - and didn't patch their systems.

Everyone is quick to jump on Microsoft when something goes wrong, here they
did everything right - but nobody will say that. Yes it can be argued that
the code shouldn't have had a fault - but give me the name of one piece of
software that doesn't have a bug or two. The important thing is it was
identified and resolved by the company months ago, and we are only feeling
the pain of this because people didn't patch their systems.

We (admins / engineers) need to step up and start taking the security of our
systems a little more seriously.

Thanks,

Chris

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
TICSA - Anniversary Special - Limited Time

Become TICSA certified for just $221.25 US when you register before 3/31/03
with PROMO "TS0103" at www.2test.com. NO membership fees, certification
good for 2 years. Price for international delivery just $296.25 US, with
this offer. Offer cannot be combined with any other special and expires
3/31/03. Visit www.trusecure.com/ticsa for full details.

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Next message: Russ: "W32/SQLSlammer - lessons learned"
• Previous message: Jonathan Boarman: "Re: why the SQL patch didn't prevent this worm"
• In reply to: Russ: "Re: W32/SQLSlammer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [Full-Disclosure] Potential Microsoft PCT worm (MS04-011) ... This advisory below however is not from Microsoft, ... Non of the people I talked this over see a worm yet, ... | to test and apply the patch widely. ... (Full-Disclosure) Re: [Full-disclosure] Security Alert: Unofficial IE patches appear on internet ... created by a vulnerability is as serious as this case and the available ... Microsoft will be inclined strongly against holding on to this patch. ... Microsoft often have patches ready but wait for the corporate known ... (Full-Disclosure) Re: RPC security error is restarting my comp ... Yesterday while having looked at the microsoft support ... Is the original problem actually the worm which I have ... >install the patch mentioned above. ... >It is suggested that you first download the patch to your ... (microsoft.public.windowsxp.security_admin) Re: Homeland Security "Worm" ... I was being a little facetious, calling it a worm. ... I know I can delete cookies, but if Microsoft is co- ... >prevents it from booting or getting to the patch on the ... >> I generally trust Microsoft, ... (microsoft.public.security) Re: Worm in Patch ... > I have just received a Patch for October 2004 in wqhich ... > Norton Anti Virus found a worm. ... Microsoft information in the hopes of garnering more victims. ... Information on Bogus Microsoft Security Bulletin Emails ... (microsoft.public.windowsxp.security_admin)