Hidden installations (Score 5, Informative)

It is of course nothing less than idiocy to leave the 'sa' account enabled without a proper password. But, geniouses as this particular software vendor is, SQL-server is also a part of some other software packages, including deriviations of Visual C++. So if you installed VC++, your machine might be vunerable. If you are vunerable, does that make you an idiot?

I use VC++ regularly, and am thus a potential propagator of the worm. Thankfully SQL-server was disabled on my install, but you might not be so lucky.