News

Microsoft Reiterates SQL Slammer Warning

• By Scott Bekker
• June 12, 2003

In response to the publication of the SQL Slammer source code in a major industry magazine, Microsoft officials are warning users to make sure they've taken advantage of the rash of SQL Slammer defenses on the Microsoft Web site.

Wired Magazine is running an article in its July issue called "Slammed! An Inside View of the Worm that Crashed the Internet in 15 Seconds." The article, which includes a copy of the Slammer worm source code, prompted Microsoft corporate vice president for SQL Server, Gordon Mangione, to write a letter to SQL Server users that Microsoft posted on its Web site.

"Publication of the source code could make it possible for someone to create a more damaging variant of the Slammer worm," Mangione wrote.

In the letter, Mangione acknowledges that most customers secured their systems during the attack in January, but he adds, "As a result of this article, we want to take another moment to ensure that all customers running SQL Server 2000 or MSDE 2000 have taken the appropriate steps to protect their deployments."

Microsoft's SQL Slammer related tools include the SQL Server Critical Update, the SQL Server Critical Update Wizard, SQL Scan, SQL Check and the SMS Deployment Tool.

The Mangione letter also notes that Microsoft re-released SQL Server 2000 as SQL Server 2000 Release A in April in order to address the vulnerability.