From: Chris Alliey (calliey@BELLATLANTIC.NET)
- In reply to: Russ: "Re: W32/SQLSlammer"
Date: Sat, 25 Jan 2003 16:44:26 -0500
From: Chris Alliey <calliey@BELLATLANTIC.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Perhaps it is good to note that the patch for this worm was released by
Microsoft in July of last year. A good SQL admin should have patched this
hole months ago. Like previous worms, they are taking advantage of poor
system administration. We all have issues keeping up with patches, and hot
fixes, but I think this is a good example of MS coming through with a fix long
before it is exploited.

Currently my company is only being hit by outside machines trying to exploit
the vulnerability on our machines. All our production servers are covered
with the MS Patch, but that isn't to say we won't find a couple users that
installed SQL / MSDE themselves - and didn't patch their systems.

Everyone is quick to jump on Microsoft when something goes wrong; here they
did everything right - but nobody will say that. Yes, it can be argued that
the code shouldn't have had a fault - but give me the name of one piece of
software that doesn't have a bug or two. The important thing is it was
identified and resolved by the company months ago, and we are only feeling
the pain of this because people didn't patch their systems.

We (admins / engineers) need to step up and start taking the security of our
systems a little more seriously.