Re: W32/SQLSlammer

From: Chris Alliey (calliey@BELLATLANTIC.NET)
Date: 01/25/03

Date: Sat, 25 Jan 2003 16:44:26 -0500
From: Chris Alliey <calliey@BELLATLANTIC.NET>


Perhaps it is good to note that the patch for this worm was released by
Microsoft in July of last year. A good SQL admin should have patched this
hole months ago. Like previous worms, they are taking advantage of poor
system administration. We all have issues keeping up with patches and hot
fixes, but I think this is a good example of MS coming through with a fix long
before it is exploited.

Currently my company is only being hit by outside machines trying to exploit
the vulnerability on our machines. All our production servers are covered
with the MS patch, but that isn't to say we won't find a couple of users that
installed SQL / MSDE themselves - and didn't patch their systems.

Everyone is quick to jump on Microsoft when something goes wrong; here they
did everything right - but nobody will say that. Yes, it can be argued that
the code shouldn't have had a fault - but give me the name of one piece of
software that doesn't have a bug or two. The important thing is that it was
identified and resolved by the company months ago, and we are only feeling
the pain of this because people didn't patch their systems.

We (admins / engineers) need to step up and start taking the security of our
systems a little more seriously.
