Slammer Worm Slams Microsofts Own

MondoMor writes "Microsoft's forgot to patch some of its own servers to protect it from the months-old vulnerability exploited by the Slammer Worm, reports C|Net. Oops. Apparently Redmond's network was hit pretty hard. Just goes to show that no matter who you are, you'd better keep your apps patched." Update: 01/29 01:59 GMT by T : And if you're running systems which might be affected, take note: whitehorse writes "The Microsoft KB article for the Slammer patch found here has an incorrect URL for 'Download the patch' referring to KB Q316333 which is only a handle leak fix. The real patch may be found later in the article."

Re:Possibly???

[calethix]

damn
i would've beat you if MS SQL wasn't slowing me down

Re:Possibly???

[MrPink2U]

And I just thought the whole internet had been slashdotted! Who would have even imagined another design flaw in an MS product.

hahaha - there's justice for you

[pulse2600]

I am so happy Microsoft got a taste of the problems that their own buggy software has...I wonder how many times this will have to happen to them until they get the picture.

"That vulnerability is completely theor...oh shit!"

10 bucks...

[PFactor]

...says that patch management in Microsoft operating systems gets 100% better in 1 year :P

patch?

[bilbobuggins]

I was going to say:

Just goes to show that no matter who you are, you shouldn't use MS SQL.

but hey, to each their own...

Somewhere, deep down in the bowels of Redwood City

[instantkarma1]

Larry Ellison is cackling like a little girl........

MS Tech guy

[objekt]

(found on another forum) 01/25/2003 1:04:37 PM

"MSN was total messed up, I couldn't even log on to the net last night it said that my user name and passworded was invalid so I call them up and the tech guy says wow that's weird I can't ether."

in other news...

[calethix]

Several MS sys admins are now looking for a new job.

Re:10 bucks...

[Tingler]

I'll take that bet.

Are you new to computers? :)

Re:And they have the source!

[Anonymous Coward]

Windows just isn't as secureable as unix's ... this just goes to show that.

Oh, yes, of course! The Internet could never be effectively shut down for days by a UNIX-based worm! [nasa.gov]

better patch system

[Anonymous Coward]

From the article:
"Publicly, they are saying it's not our fault, because you should have patched. But Microsoft's own actions show that you can't reasonably expect people to be able to keep up with patches."

What he really means is that you need a better patch system. SQL server patches, and many others, are not covered by Windows Update.

Why not?

I just love these lines:
"Seems like every time I install a system patch, something else goes wrong with my system," said Frank Beier, president of Web design firm Dynamic Webs. The designer said many system administrators won't patch for many months, because they don't trust Microsoft to fix the problem without breaking some other function of the software.

"In most cases, I'm better off just playing Russian roulette with the hackers until our servers are broken into," he said.

Reports are coming in...

[Chocolate Teapot]

....of an horrific accident in Redmond, WA, in which the ever popular and much loved Slammer worm has become infected by a particularly pernicious dose of Windosis. A round-the-clock vigil has been in progress since Saturday, and the nations top experts have been called in to try to save Slammer. "17'5 700 34rLy 700 54y 1f w3 c4n 54v3 h1m" said pUrPle_rONniE, a pasty looking spokeman for the uninstall SWAT team. "w3 0wnz y00". This is only the 200,502,738th reported case of Windosis since 1982. The Department of Justice have yet to seal off the area to prevent further contamination.

Re:MS Tech guy

[sulli]

and it was like BEEP BEEP BEEP BEEP BEEP, and then, like, half the network was gone. It devoured the network.

It was a really good network.

Title is incorrect.

[redbeard_ak]

It should read "Slammer Worm Owns Microsoft" not "Slammer Worm Slams Microsofts Own".

I'm saying that from behind Microsoft's firewall - I should know.

It sure was a giggle on Monday seeing all the warning letters taped on every door and elevator in the building.

Most ops stuff seems up now - as up as they ever are ;) Still, there is some reporting I usually provide our team but my data source is still pooched.

Oh well... I can still browse slashdot.

I figure this post is blatant karma whoring, but if it helps some geek out there smile...

**Microsoft Confidential - Do not forward**

All Computers Running SQL Server 2000 and

MSDE Required to Load SQL Server 2000 Service Pack 3

say no more!

TCO

[marko123]

Does the cost of lost GLOBAL productivity (lost internet access in the workplace) and lost commerce (the ATMs going down) of this shizzah get get added to the total cost of ownership of MS products?

Re:Microsoft didn't patch all their INTERNAL serve

[r0ckflite]

Hmm, their internal developers had unlicensed copies of sqlserver installed on their systems? Hmm, looks like somebody needs a visit from the piracy police.

flawless!

[Erris]

That's such a great tool, thank you Mr. Free Porn for the link. They must have some big losers running the works at M$, huh? Let's quote one of them here:

Rick Devenuti, the chief information officer for the software giant... "We are not sure how the virus got into our network," Must have been terrorists! ... "It just takes one machine to get going," he said. "At any given point in time, it is hard to be 100 percent patched with any machine. We are working hard to make patch management easier. But 100 percent is a high bar and in this case we are not there."

Oh, it's too hard, that's it. Too bad they don't have a nice system like Debian's stable distro and apt-get upgrade to keep things all patched up. But wait, M$ patches break other software! It must just be impossible to keep them up.

I'm so sorry that I called those poor M$ admins losers. Blaming the user for your shitty software's failures is a Microsoft thing to do.

Just a thought . . .

[The Angry Mick]

. . . but maybe Microsoft thought those particular servers were still running BSD . . .

Re:10 bucks...

[azaroth42]

No, no, you don't understand ... 100% of 0 is still 0!

--Azaroth

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:M$ Winblows Update

[delus10n0]

Although you fufilled Slashdot's "$" and "Winblows" quotas for the day in your post, why is this modded as Funny? Should be modded as "Totally Stupid and Untrue".

Pfft.

Re:Nailed us.

[Anonymous Coward]

Ned! Stop all that dancing and celebrating... I am trying to sleep over here. Geesh.

Re:The Irony

[stinky wizzleteats]

I have come to dread every MS patch with a certain sense of dread.

I smell the smelly smell of something that smells smelly.

Re:Reboot Boys Alert

[Frobnicator]

On the plus side, that means that they haven't installed all the patches to their OS, many of which require reboots.

So... by announcing which ones have been running that long, they are announcing which ones are vulnerable to known attacks.

I guess they won't be on the list for long.... :)

frob

more famous last words...

[Vaughn Anderson]

Patches? Patches? We don't need not stinking patches!