Microsoft slammed by its own product's vulnerability

January 28, 2003

Paul Roberts, IDG News Service

http://www.networkworld.com/news/2003/0128msslam.html

Microsoft fell victim to a software vulnerability in one of its own products on Saturday, when the W32.Slammer worm infested host machines on the Redmond, Wash., company's network, flooding that network with traffic.

The company's travails with Slammer late Friday night and Saturday morning were first revealed through internal e-mail messages obtained by news agencies and reported on Monday.

A Microsoft spokesman confirmed that the Slammer worm penetrated the company's network defenses and infected a number of SQL Server databases and desktop machines.

"There were circumstances where we were not patched," said Rick Miller, a spokesman for Microsoft.

In some cases, the vulnerable machines were purposely left unpatched to try to recreate specific environments for testing purposes, Miller said.

[..]


main page ATTRITION feedback