Other Microsoft Programs Said at Risk for Web Worm

Yahoo/Reuters ^ | Sat Jan 25, 8:41 PM ET | Reed Stevenson

[Dominic Harr]

'Sell the beta, and you can get the public to pay for your product testing.'

[Dominic Harr]

An 'MS Quality Seal of Approval' ping.

[Dominic Harr]

The service pack to fix this has only been out around a week, so be careful installing it. Always test first, on a box that you can live without.

Sometimes these service packs break other things.

[Clara Lou]

Gee, I hope FR's great Lion of Microsoft is going to drop by and give us a few of his standard friendly comments on the greatness of MS.

[Dominic Harr]

Knock knock.

I wonder if the timing of this also had anything to do with the SuperBowl?

There'll be a lot of web traffic during the SB, without a doubt.

I doubt it, I guess. Just something to muse about.

[Dominic Harr]

" FR's great Lion of Microsoft "

:-D

[ShadowAce]

"It was a vulnerability. We knew about it, but someone is exploiting it," Charney told Reuters,

They knew about, but didn't fix it. Pretty sad.

[TaRaRaBoomDeAyGoreLostToday!]

"It was a vulnerability. We knew about it, but someone is exploiting it,"

The statement of the year. Lemme rephrase with out the < / microsoft bs spin > on.

"It was a vulnerability major flaw in our garbage can system. We knew about it we could care less, we are lazy sitting around making good money playing golf online, but someone is exploiting it, $hit we got cought, how dare someone come in our back door when we left it wide open with snow and wind blowin in, while we sat on our a$$es, by the fireplace all warm."

[isthisnickcool]

Gads! This SQL bug has been around for a long time.

[Dominic Harr]

There was a patch. But I thought the patch was only for SQLServer, I didn't realize it was required for other products too.

It turns out the exploit is caused by a deeper flaw in MS products.

[TaRaRaBoomDeAyGoreLostToday!]

Related Thread

[Dominic Harr]

Thanks, there were about a 1/2 dozen on the issue, I noticed.

Altho this is really a new wrinkle in the story -- it's not just SQLServer, as they had been saying up until now.

[TaRaRaBoomDeAyGoreLostToday!]

Exactly. If we link em all together we will know the whole story and facts.God knows the news is blurbing this with bits and pieces here and there.

[HAL9000]

"The unfortunate thing about this is when you know that this was a problem and they (customers) hadn't updated," Charney said, "That's a bit frustrating."

Perhaps Microsoft's customers are becoming a bit frustrated with the daily security bulletins and patches. The unfortunate thing is that Microsoft knows they have a problem with designing and distributing commercially defective software, but fails to address the fundamental cause - their own sloppy development practices and denial of responsibility.

[Bloody Sam Roberts]

I would count on it.

[Dominic Harr]

The thing that most amazes me is that in *current, shipping* products they aren't forced to recall the CDs and reissue 'fixed' versions.

People who buy and install these products *today* are buying and installing a broken product.

[mumbo]

They did fix it. There is a free update/patch at their website.

When you write YOUR first error-free, perfectly secure operating system/application, you can be as snide as you want.

Until then, remember that it can happen to anyone, and people who use systems that are connected to the Internet should watch all of the usual sites for warnings and alerts.

Microsoft isn't as careful as I think they should be, and God knows their code isn't very tight, but they are the kingpin, and our choice is to make the best of the hand we are dealt. This means if you are functioning perfectly well with older, proven software, there is no reason to go to the new software until it is proven.

[TaRaRaBoomDeAyGoreLostToday!]

INTERNET NEWS
Net virus takes down ATMs
Thousands of bank customers frozen out by worm

---

Posted: January 26, 2003
1:00 a.m. Eastern

---

© 2003 WorldNetDaily.com

Thousands of banking customers were shut out of their ATMs yesterday and websites around the world were knocked down yesterday by a malicious computer worm.

Bank of America Corp. said yesterday that customers at a majority of its 13,000 automatic teller machines were unable to process customer transactions after the virus nearly froze Internet traffic worldwide.

Bank of America spokeswoman Lisa Gagnon told Reuters by phone from the company's headquarters in Charlotte, North Carolina, that many, if not a majority of the No. 3 U.S. bank's ATMs were back online and that their automated banking network was back in business.

Web traffic slowed suddenly and dramatically worldwide for hours after a fast-spreading computer worm clogged pipelines of the global network carrying data, Web pages and e-mail.

''We have been impacted, and for a while customers could not use ATMs and customer services could not access customer information,'' Gagnon said.

Gagnon said that the worm, which slows down computer networks by replicating rapidly and spreading to other servers, did not cause any damage to customer information, but slowed down or blocked access to that sensitive information, making transactions difficult.

---

[Dominic Harr]

This means if you are functioning perfectly well with older, proven software, there is no reason to go to the new software until it is proven.

Just thought that bore repeating.

*Never* use a new version of *anything* for mission-critical use.

From *anyone*.

Period.

[isthisnickcool]

Well, that may be true but people are not protecting their systems. Like having the common sense to password setup in the case of SQL Server.