[ISN] Locking Down SQL Server 2000
From: InfoSec News (isn c4i.org)
Date: Wed Jan 14 2004 - 05:55:02 CST
http://www.eweek.com/article2/0,4149,1434145,00.asp
By Jim Rapoza
January 12, 2004

While the Blaster worm and Sobig virus garnered the lion's share of
attention and fear last year, 2003 began with a worm that caused many
headaches for administrators of Microsoft Corp.'s SQL Server 2000. The
SQL Slammer worm, which exploited a known and patched hole in SQL
Server 2000, crashed servers and brought networks to their knees.

In multiple tests held recently at eWEEK Labs, an unpatched SQL Server
system became infected with SQL Slammer in less than 10 minutes.

However (and amazingly), a year after SQL Slammer first struck, there
are still many vulnerable and unpatched SQL Server systems on the
Internet.

Clearly, there are many people who haven't gotten the message when it
comes to patching and securing SQL Server 2000.

Compounding the trouble is the fact that MSDE 2000 (Microsoft SQL
Server 2000 Desktop Engine) is also vulnerable to SQL Slammer and is
often installed as part of third-party applications.

There is no reason for this problem to be as bad as it still is. While
it takes vigilance to stay aware of your potential danger spots and to
know where all your SQL Server and MSDE implementations are, securing
SQL Server itself isn't rocket science.

[...]
-
ISN is currently hosted by Attrition.org