It must have been frustrating to write the Jan. 25, 2003, Microsoft press release responding to the SQL Slammer worm, also known as Sapphire. Read between the lines, and it’s easy to decipher the statement’s real message: “We tried to warn you.” Learn all about it in this edition of Tech Time Warp.
In fact, Microsoft had tried to warn network admins about the potential for SQL Slammer several months earlier: “The vulnerability that is exploited by this worm was first addressed by a Microsoft security patch in July 2002 and in subsequent cumulative patches, most recently in October 2002.” Unfortunately, among the few people to pay attention to Microsoft in July 2002 were the creators of the worm.
The importance of timely security patches
SQL Slammer was one of the fastest-spreading worms of all time, attacking 75,000 servers in as little as 10 minutes. The malware exploited a vulnerability in Microsoft SQL Server 2000 software using only 376 bytes of code. Its spread was limited only by bandwidth: SQL Slammer could double in size in only 8.5 seconds, but it could generate random IP addresses to scan and attack only as fast as the infected machine and its network allowed. SQL Slammer’s payload, while not malicious, was mighty: In the early hours of Jan. 25, 2003, packet loss across the internet was at 20 percent, compared with a normal rate of 1 percent. South Korea was particularly hard hit, with many sites shut down for several hours.
A UK security expert named David Litchfield had identified the vulnerability and alerted Microsoft to it during the summer of 2002. Per Litchfield, Microsoft was responsive, and the tech giant even gave him permission to speak about it at a Black Hat Security Briefing. Alas, while Microsoft listened to Litchfield in creating a security patch, the tech giant itself was hit by SQL Slammer after not keeping up with its own security updates.
This post originally appeared on Smarter MSP.