Microsoft Statement on the “Slammer” Worm Attack

REDMOND, Wash., updated, Jan. 28, 2003 — On the evening of Friday, January 24, Microsoft became aware of an Internet attack that was causing a dramatic increase in network traffic worldwide. We immediately began investigating the issue and learned that a worm, named Sapphire or Slammer, was targeting computers running Microsoft SQL Server 2000 and MSDE 2000 systems. We were quickly able to determine that the vulnerability was known and patches had previously been made available, and that there was no data corruption on customers’ systems. The release of this worm is a criminal act, and we are working with law-enforcement authorities to the fullest extent possible.

We understand this worm has caused business disruption and we are committed to help our customers make sure their networks are as secure as possible — from development through deployment.

Since the release of this worm, Microsoft has worked around the clock to pull together the information and resources necessary to ensure that customers are able to protect their affected systems. Complete information is located at http://www.microsoft.com/security/slammer.asp . We have extra staff on hand in Product Support to assist customers, and, of course, all support calls related to this issue are free of charge.

The vulnerability that is exploited by this worm was first addressed by a Microsoft security patch in July 2002 and in subsequent cumulative patches, most recently in October 2002. In addition, as part of our commitment to the secure-in-deployment goal of Trustworthy Computing, we have re-released the latest security patch to include an installer that makes it easier for system administrators to accelerate installation.

Going forward, Microsoft will continue to invest in developing a more secure and robust computing infrastructure as part of the Trustworthy Computing initiative. We will also work with network administrators to continue to improve our patch deployment process.

We realize that SQL Server is a critical component of our customer’s enterprise infrastructure. As a result, Microsoft recently executed a security push to proactively identify and remove security flaws in SQL Server 2000. These updates were recently delivered as part of SQL Server 2000 and MSDE 2000 service pack 3. Security pushes like this are part of our commitment to delivering on the vision of Trustworthy Computing by making our exiting products more secure by design, default and in deployment. As a result, we strongly recommend that you evaluate and adopt SQL Server service pack 3.

Trustworthy Computing is a long-term process and this latest incident reinforces both how reliant we are on the Internet and how much work remains to deliver security against malicious attacks such as this. We understand the importance of this issue and we continue to look for new ways to deliver quality updates in a timely and easy to deploy manner.

You have our commitment that we will continue to work on this issue until it is resolved. We thank you for your continued patience and support.

For additional information please go to http://www.microsoft.com/security/slammer.asp , or contact the Microsoft Anti-Virus hot line at 1-866-PCSAFETY, Microsoft product support, and your anti-virus vendor. Ways to contact support can be found at http://support.microsoft.com .

(Due to a confusion concerning time zones, an earlier posting incorrectly reported the time at which Microsoft became aware of the issue. It was in fact 9:30 p.m. Pacific Time on Friday, Jan. 24.)

Related Posts