It is somewhat intriguing that Microsoft blithely casts the blame for the Slammer worm on all those sysadmins who have neglected to apply the latest patches to their SQLServer systems. But there are a number of things which have been ignored. Firstly, Microsoft has never offered a specific patch for the exploit used by this worm. Instead, the company has bundled it up with an enormous number of patches, fixes and ‘upgrades’ as part of service pack 3. This may or may not be a good thing. However, one of the specific reasons many sites have not implemented the patch kit is the modified EULA (end user licence agreement) which accompanies every kit. It seems that Microsoft will offer a relatively benign EULA when the software is first purchased, and then progressively tighten it up with every patch kit. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.