Re: SQL Server Worm devastates Microsoft Corporate networks!

asj <kalim_at_xxxx.com> scribbled:

> Microsoft itself gets hit (and HARD) by the SQL Server worm!
>
> stan? hellllo? stan???? what's that cr*p again about lazy admins
> you've been spouting? microsoft can't even protect itself and you're
> expecting so many others to be able to do so?
>
> "Microsoft's policy of relying on software patches to fix major
> security flaws was questioned Monday after a series of internal e-
> mails revealed that the software giant's own network wasn't immune
> from a worm that struck the Internet last weekend."
>
> "The messages seen by CNET News.com portray a company struggling with
> a massive infection by the SQL Slammer worm, which inundated many
> corporate networks Saturday with steady streams of data that downed
> Internet connections and clogged bandwidth."
>
> "The messages put Microsoft in an awkward position: The company relies
> on customers to patch security flaws but the events of last weekend
> show that even it is vulnerable. In this case, Microsoft urged
> customers to fix a vulnerability in the SQL Server 2000 software, but
> it apparently hadn't taken its own advice. Moreover, despite its 1-
> year-old security push, the software giant still had critical servers
> vulnerable to Internet attacks."

Microsoft = Software Development company.

Microsoft's developers use Visual Studio Enterprise edition as their basic development tool.

VS EE comes with MSDE 2000 as its default database engine, and is installed by default.

You do the math.

Most software developers aren't going to care about patches to SQL Server -- especially if they don't use it, or are not running a site. As far as they're concerned, it's just a part of their dev system, and one they don't look at too often.

*That* is why it caused problems for MS.

Simon Received on Tue Jan 28 2003 - 02:07:49 CST