Network Computing is part of the Informa Tech Division of Informa PLC

SQL Sapphire: It's Not Only Microsoft's Fault

The massive worm attack that surfaced last month using Microsoft's SQL Server 2000 was certainly a nasty one. Reports on various lists claimed that packet loss on NAPs (network access points) reached 90 percent. Those of you who don't manage Microsoft SQL servers but were hit by this worm should be annoyed at your colleagues who didn't stay on top of patches.

Predictably, a lot of Microsoft bashing is going on. But you know what? You really have to stop blaming Microsoft for every little ill that comes your way. Take some responsibility. Yes, this was another problem with a Microsoft product, but a patch has been available since last June.

It looks like Next Generation Security Software (which discovered this vulnerability) took the correct, responsible disclosure route. The company's researchers found a problem, notified Microsoft, worked with Redmond to solve the problem and then announced their findings.

Why wasn't the patch installed in your organization? You should be open to all possibilities. If you expect your systems administrators to perform the assessment and installation of Microsoft hot fixes, you need to look closely at their workload and the volume of hot fixes Microsoft turns out. Look with open eyes into why the patch wasn't installed, and do whatever it takes to fix it. This is simple risk management. Hackers know that Microsoft technology is both widespread and vulnerable. You should face that reality also, and do whatever it takes to protect your organization.