Slammer may not feed on Microsoft alone
Published: 30 Jan 2003 08:49 GMT
Microsoft products may not be alone in contributing to the spread of the SQL Slammer worm, security researchers said on Wednesday.
Other companies also make products containing the Microsoft database software that has been exploited by the worm. More than 30 products, from security scanners to backup servers, use the vulnerable Microsoft SQL Server 2000 and Microsoft SQL Desktop Edition (MSDE) 2000 software, according to a list compiled by database security site SQLSecurity.com.
"In most cases, it is probably a reduced danger," said Chip Andrews, an independent security consultant and the webmaster for SQLSecurity.com. "If you have MSDE installed on an application, it's powerful. So you have to make sure to secure it."
Last weekend, many corporate networks, ISPs and commercial Web sites slowed to a crawl after a fast-spreading computer worm infected database servers running vulnerable Microsoft software. While the company had issued a patch for the flaw six months earlier, more than 200,000 computers and information appliances were still not patched at the time of the attack and became infected, according to the latest estimates from security information site Incidents.org.
The compromised machines inundated local networks and the Internet with vast quantities of data in an attempt to infect other systems. The deluge brought down some banks' ATM networks and disrupted some phone services, and the effects were felt by many companies, including those in the airline and railroad industries.
Microsoft said that only SQL Server 2000 and MSDE 2000 -- including the retail, service pack 1 and service pack 2 versions -- are affected by the Slammer worm. It released a list of products that include MSDE 2000 by default or by explicit instruction at the time of installation.
Yet other companies whose products use MSDE 2000 as a software component have, for the most part, been silent. While the individual products on the SQLSecurity.com list haven't been positively identified as vulnerable, some companies have acknowledged the security risk.
Storage server maker Veritas is included on the list. It told its customers earlier this week that its Backup Exec 9.0 for Windows Servers and ExecView 3.1 servers "may be susceptible to infection" by the worm.
Other companies said their products did indeed include the Microsoft software in question, but they had taken precautions to lock down the applications. For example, software company Internet Security Systems said that while both its RealSecure 7.0 and Internet Scanner included MSDE 2000, the products were configured so as to minimise any risk.
"Yes, we have MSDE, but it's not vulnerable," said Peter Allor, manager of the company's threat intelligence services.
Yet the security of most of the products on the list remains in question, and that has left security researchers uncomfortable. Chris Wysopal, director of research and development for digital security firm @Stake, said that the lack of details from companies regarding their products' security was not reassuring.
"If there is no vulnerability, you don't say anything -- that's fine," he said. "But if there is even a small vulnerability, you should advise your customers and fix it."