Microsoft slammed by Slammer; failed to apply their own patches

“Microsoft’s policy of relying on software patches to fix major security flaws was questioned Monday after a series of internal e-mails revealed that the software giant’s own network wasn’t immune from a worm that struck the Internet last weekend.

The messages seen by CNET portray a company struggling with a massive infection by the SQL Slammer worm, which inundated many corporate networks Saturday with steady streams of data that downed Internet connections and clogged bandwidth.

‘All apps and services are potentially affected and performance is sporadic at best,’ Mike Carlson, director of data center operations for Microsoft’s Information Technology Group, stated in an e-mail sent at 8:04 a.m. PST Saturday to other members of Microsoft’s operations groups. ‘The network is essentially flooded with traffic, making it difficult to gather details concerning the impact.’

The messages put Microsoft in an awkward position: The company relies on customers to patch security flaws but the events of last weekend show that even it is vulnerable. In this case, Microsoft urged customers to fix a vulnerability in the SQL Server 2000 software, but it apparently hadn’t taken its own advice. Moreover, despite its 1-year-old security push, the software giant still had critical servers vulnerable to Internet attacks.

‘This shows that the notion of patching doesn’t work,’ said Bruce Schneier, chief technology officer for network protection firm Counterpane Internet Security. ‘Publicly, they are saying it’s not our fault, because you should have patched. But Microsoft’s own actions show that you can’t reasonably expect people to be able to keep up with patches,'” reports Robert Lemos for CNET Full story here.

1 Comment

  1. They say that Macs, in general, are more expensive than MS-based Wintel boxes. Apparently data vulnerable to being lost or stolen, being forced to discover and patch the holes in your system’s OS, and the additional IT staff (and numerous sleepless nights) worrying about these issues isn’t worth the small difference. Can someone, please, remind me why people use any Microsoft software? Why is my li’l Mac more secure than Microsoft’s own network?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.