Bill Gates must be livid. Just after he publishes an e-mail letter to customers outlining Microsoft's progress on its Trustworthy Computing initiative, the SQL Slammer worm--376 bytes of code also known as Sapphire, w32.SQLexp.worm, and Helkern--exploits known vulnerabilities in Microsoft SQL 2000 servers. It creates a global Internet slowdown and another embarrassment for the chairman of the world's most powerful software company. And to top it off, Microsoft's own servers were Slammed.. . .
Bill Gates must be livid. Just after he publishes an e-mail letter to customers outlining Microsoft's progress on its Trustworthy Computing initiative, the SQL Slammer worm--376 bytes of code also known as Sapphire, w32.SQLexp.worm, and Helkern--exploits known vulnerabilities in Microsoft SQL 2000 servers. It creates a global Internet slowdown and another embarrassment for the chairman of the world's most powerful software company. And to top it off, Microsoft's own servers were Slammed.

The worst part is that a patch for the vulnerability exploited by the Slammer worm was issued last summer and was included in the latest service pack for Microsoft SQL Server 2000. In fact, the majority of successful hacks come as a result of an exploitation of a known vulnerability. In failing to apply the updates to some of its servers, Microsoft didn't follow its own security polices. Gates, Ballmer and the other Microsoft execs are probably still cooling down, trying to avoid strangling the company's system administrators.

Given that a patch was available, Microsoft should not have both feet held to the fire. Gates and company are extremely serious about removing the stigma attached to the level of security in its products. With customers looking to cut costs and Linux initiatives cutting into Microsoft's dominant share across multiple markets, having a reputation for defective, insecure products is not helpful in convincing customers to stay the course.

The link for this article located at ZDNet is no longer available.