More than a decade of patches and updates later, Slammer is back.
This is all about keeping current and keeping your systems updated. In this case, beyond SQL Server 2000. Yes. 2000. It’s hard to believe there are some out there still trying to execute this exploit. But what may be harder to believe is, unless they’re just simply crazy, they must be having some success, otherwise, why try?
Read a bit more about it here.
Not to sound like an olde cogger, but I remember when… Geez. This thing swept through servers in a flash and caused all sorts of issues. The biggest challenge “way back then” was that you would hold off on updates so you could first test, then also get with your vendors to certify updates with their software.
So many times the vendors would wait for a couple of incremental updates after a major release before going through the process of updating their code, testing it and “certifying” it against a given patch update. This mean that vulnerabilities that were found shortly after or as a major release hit the market had time to flourish and that the updates that actually were applied to servers could be spotty and unpredictable.
In short, it was a breeding ground for issues.
This one in particular, along with some of the really broad SQL Injection hacks, swept through servers. You could count servers and infection rates in the 10’s of 1000’s or more. And in some cases, it could happen overnight, sometimes on the weekend of course when fewer people were looking.
While this won’t impact too many servers out there (I hope), it does at least ring the bell for staying updating and keeping systems current. Make sure you keep after those updates and updates to the infrastructure-level stuff you have in place. It’s a complex infrastructure environment, lots to manage. But it’s obviously quite important to stay on top of it.
Do you have regular review cycles in place? Do you have intrusion detection and activity monitoring so you can start to detect odd activity even if it’s not a known issue…. yet?